Reply To: Certificate passwords


#45032

greyman
Member

I think I might have found us OSX users a short workaround from here:

http://www.jacco2.dds.nl/networking/freeswan-panther.html

Below is a cut and paste from section 8.4.1 of the page.

8.4.1 Alternative method of importing the machine certificate

If you are a die-hard command line fan you can use the utility ‘certtool’ that is included with Mac OS X. It works for me but I did not look into this much because the command line scares off most users. Anyway, here are the commands for importing a file in PKCS#12 format. This example assumes the file is called ‘yourcrt.p12’.


openssl pkcs12 -in yourcrt.p12 -cacerts -out ca.pem -nokeys
openssl pkcs12 -in yourcrt.p12 -clcerts -out client.pem -nokeys
openssl pkcs12 -in yourcrt.p12 -nocerts -out key.pem -nodes
cp /System/Library/Keychains/X509Anchors $HOME/Library/Keychains/X509Anchors.bkp
cp /Library/Keychains/System.keychain $HOME/Library/Keychains/System.keychain.bkp
certtool i ca.pem k=X509Anchors.bkp v
certtool i client.pem r=key.pem f=1 k=System.keychain.bkp v
sudo cp $HOME/Library/Keychains/X509Anchors.bkp /System/Library/Keychains/X509Anchors
sudo cp $HOME/Library/Keychains/System.keychain.bkp /Library/Keychains/System.keychain
rm -fr ca.pem client.pem key.pem

You will be asked three times for the certificate password. After that, you will be asked for the Keychain Access password and then for your login password.

A word of advice: copy, paste and execute these lines one by one in a Terminal window. Typing them is error prone.

Doing the steps above allowed me to import a user certificate and a host certificate, which allowed me to configure L2TP from Internet Connect using only certs.
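
An added example, not part of the post or the page it quotes: the three `openssl pkcs12` extractions above write `key.pem` unencrypted (`-nodes`) into the current directory, so this sketch does the same split into an owner-only directory and checks that the key belongs to the client certificate before anything is imported. The function names and the `P12_PASS` environment variable are assumptions, and `openssl pkey` needs a newer OpenSSL than the one the quoted page was written for.

```shell
#!/bin/sh
# Added example: not from the forum post or the page it quotes.
# P12_PASS is a hypothetical environment variable holding the PKCS#12
# password, so it never appears in the process argument list.

# split_p12 FILE OUTDIR
# Runs the three extractions from the post, writing into a directory that
# only the current user can read. -nodes leaves key.pem unencrypted, as in
# the post, which is why the umask and directory mode matter.
split_p12() {
    (
        umask 077
        mkdir -p "$2" && chmod 700 "$2" || exit 1
        openssl pkcs12 -in "$1" -passin env:P12_PASS -cacerts -nokeys -out "$2/ca.pem" &&
        openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys -out "$2/client.pem" &&
        openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes -out "$2/key.pem"
    )
}

# key_matches_cert CERT KEY
# Succeeds only if the public key inside CERT equals the public half of KEY.
# Catches a wrong or truncated extraction before the keychain import step.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# discard_split OUTDIR
# Removes the extracted files and the directory once the import is done.
discard_split() {
    rm -f "$1/ca.pem" "$1/client.pem" "$1/key.pem" && rmdir "$1"
}

# Typical order (the certtool import commands from the post go in between):
#   split_p12 yourcrt.p12 "$HOME/p12-split"
#   key_matches_cert "$HOME/p12-split/client.pem" "$HOME/p12-split/key.pem"
#   ... import ...
#   discard_split "$HOME/p12-split"
```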