Home Page › Forums › Network Management › ZeroShell › Certificate passwords › Reply To: Certificate passwords
I think I might have found us OSX users a short work around from here:
http://www.jacco2.dds.nl/networking/freeswan-panther.html
Below is a cut and paste from section 8.4.1 of the page.
8.4.1 Alternative method of importing the machine certificate
If you are a die-hard command line fan you can use the utility ‘certtool’ that is included with Mac OS X. It works for me but I did not look into this much because the command line scares off most users. Anyway, here are the commands for importing a file in PKCS#12 format. This example assume the file is called ‘yourcrt.p12’.
openssl pkcs12 -in yourcrt.p12 -cacerts -out ca.pem -nokeys
openssl pkcs12 -in yourcrt.p12 -clcerts -out client.pem -nokeys
openssl pkcs12 -in yourcrt.p12 -nocerts -out key.pem -nodes
cp /System/Library/Keychains/X509Anchors $HOME/Library/Keychains/X509Anchors.bkp
cp /Library/Keychains/System.keychain $HOME/Library/Keychains/System.keychain.bkp
certtool i ca.pem k=X509anchors.bkp v
certtool i client.pem r=key.pem f=1 k=System.keychain.bkp v
sudo cp $HOME/Library/Keychains/X509Anchors.bkp /System/Library/Keychains/X509Anchors
sudo cp $HOME/Library/Keychains/System.keychain.bkp /Library/Keychains/System.keychain
rm -fr ca.pem client.pem key.pem
You will be asked three times for the certificate password. After that, you will be asked for the Keychain Access password and then for your login password.
A word of advice: copy, paste and execute these lines one by one in a Terminal window. Typing them is error prone.
In doing the steps above it allowed me toimport a user certificate and a host certificate to allow me to configure L2TP from internet conect using only certs.