In Denmark the government is pushing the use of a digital certificate to identify against most government websites, etc. and for signing and encrypting email. I kinda like the idea so I signed up for one back in ’04. It expired last month, though so I have renewed it, although not without my fair amount of trouble. Apparently Linux and/or Firefox isn’t as supported as they would like the general public to think. (Or perhaps it’s, as usual, my own fault for using beta software – Firefox 2 and Ubunty Edgy).
Anyway, I booted Windows and got the certificate renewed and created a backup. Back in ’04 the backup was actually the PKCS12 certificate file, but that is not the case anymore. Nowadays it’s a plain old HTML file with some in-line javascript that loads the “required” software to install the certificate. PKCS12 is pretty standard and doesn’t require any additional software, so I don’t get why I can’t just have the file directly.
The usual path for the PKCS12 file is to load the certificate in Internet Explorer using the html file, and then export it. But for some reason it’s not possible to export the private key, only the public key. I tried this both running Internet Explorer in Windows and through wine, but with no luck.
At this point I was kinda pissed and figured the html file must have some information regarding the PKCS12 file and surely it did. Looking at the javascript there’s a variable with the name “pkcs12”. This variable is base64 encoded though, since PKCS12 is a binary format. So I quickly hacked together a little python script that extract and converts the certificate, so it’s ready for use by Firefox, Evolution, etc.
If you have the same problems as me you can get the script here and run it like this:
./extractpkcs12.py backup_file.html output_certificate.pkcs
Yes! Saved my day(s).
Running OpenSuse 10.2 and Firefox.
Spent a lot of time figuring out this. Exporting from firefox just kept giving me an (unknown) error.
However a few notes.
Thunderbird is able to export just fine. Found that out since nemkonto.dk was not able to find certificate with extension .pkcs, so I imported to ThunderBird, and once exported it had extension .p12 (and that showed up on nemkonto.dk).
And by just renaming the extension of the file exported with your excellent script. Nemkonto will allow you to select it.
Tak fra Tommy til Tommy 🙂
I ended here via Google because I could not find out how to extract a PKCS12 file to use in my Thunderbird.
I am running Windows, so I also had to figure out that the Python script must be modified in order to save the PKCS12 file without conversion of new line endings. Add a ‘b’:
file = open(sys.argv[2], ‘wb’)
Med venlig hilsen
Gorm Vognsen Jensen
You saved my day!