Creating/Importing Mullvad PKCS#12 into iOS Keychain

dugadugadid · Post by **dugadugadid** » Wed Mar 28, 2018 2:23 am

Mullvad offers users a simple opvn file for IOS, which includes an embedded Cert, and PEM.

For windows, I also have an independent .crt, and .pem file; and no "key" file. (example: mullvad_crl.pem, mullvad_ca.crt)

mullvad_ca.crt example:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=NA, ST=None, L=None, O=Mullvad, CN=Mullvad CA/emailAddress=dugadugadid@mullvad.net
Validity
Not Before: Jan 11 16:19:48 1730 GMT
Not After : Oct 55 16:19:48 1203 GMT
Subject: C=NA, ST=None, L=None, O=Mullvad, CN=master.mullvad.net/emailAddress=dugadugadid@mullvad.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
99:32:...etc
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:3A:3B...etc
X509v3 Authority Key Identifier:
keyid:E1:...etc
DirName:/C=NA/ST=None/L=None/O=Mullvad/CN=Mullvad CA/emailAddress=dugadugadid@mullvad.net
serial:E4...etc

X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
d2:g6:54:6f:...etc
-----BEGIN CERTIFICATE-----
*****
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
****
-----END CERTIFICATE-----
"

Pem File example:
-----BEGIN X509 CRL-----
etc
-----END X509 CRL-----

Your tutorial suggests using openssl to convert ca's, certs and keys into an pkcs12 opvn12 file;

https://docs.openvpn.net/connecting/con ... S_Keychain

Quoting form the tutorial:

"openssl pkcs12 -export -in cert -inkey key -certfile ca -name MyClient -out client.ovpn12"

The problem is I don't have a "ca," or a "key", only a .crt, and .pem file. (unless of course .pem is another extension for .key, and the ca is embedded inside the .crt) -- I have tried renaming pem to key openssl gave me an error.

So my question is how do I create an IOS compatible PKCS#12 from these .crt and .pem files?