"Wang, Kate" wrote:
>
> Hi, everyone,
>
> Here is another novice question.
>
> Is there any easy way to find out the subject certificate out of a PKCS7
> certificate included the whole chain?
>
> Or more specifically, if I use "openssl PKCS7" command to convert a PKCS7
> certificate into PEM format, or "openssl pkcs12" to convert pkcs12 format
> into PEM, can I assume the subject certificate would be the first
> certificate?
>
PKCS#7 is not a certificate. PKCS#12 is not a certificate. PKCS#7 defines
the Cryptographic Message Syntax -- PKCS#12 defines the Personal
Information Exchange Syntax.

If a party encodes a certificate chain in a PKCS#7, it's up to whatever
convention is in use to determine whether the subject cert is first.

A PKCS#12 is a bag. Presumably you can match on the SubjectName?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
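
The name-matching idea from the reply above, as an added example that is not part of the original thread: it reads the subject/issuer lines printed by `openssl pkcs7 -print_certs -noout` and reports the certificates that no other certificate in the bag names as issuer, whatever order they were stored in. The sample names are constructed, the helper names are hypothetical, and the comparison is by name only, with no signature verification.

```python
# Added example: find the end-entity certificate in an unordered bag by
# matching subject and issuer names. Names only; no signatures are checked.

# Constructed sample of `openssl pkcs7 -print_certs -noout` output.
# The end-entity certificate is deliberately not first.
SAMPLE = """\
subject=C = US, O = Example Corp, CN = Example Root CA
issuer=C = US, O = Example Corp, CN = Example Root CA

subject=C = US, O = Example Corp, CN = www.example.com
issuer=C = US, O = Example Corp, CN = Example Issuing CA

subject=C = US, O = Example Corp, CN = Example Issuing CA
issuer=C = US, O = Example Corp, CN = Example Root CA
"""


def parse_print_certs(text):
    """Return (subject, issuer) pairs in the order they were printed."""
    certs, subject = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("subject="):
            subject = line[len("subject="):].strip()
        elif line.startswith("issuer=") and subject is not None:
            certs.append((subject, line[len("issuer="):].strip()))
            subject = None
    return certs


def end_entity_candidates(certs):
    """Subjects that no *other* certificate in the bag names as its issuer."""
    leaves = []
    for i, (subject, _) in enumerate(certs):
        issued_another = any(
            issuer == subject
            for j, (_, issuer) in enumerate(certs)
            if j != i  # a self-signed root naming itself does not count
        )
        if not issued_another:
            leaves.append(subject)
    return leaves


if __name__ == "__main__":
    for name in end_entity_candidates(parse_print_certs(SAMPLE)):
        print("end-entity candidate:", name)
```

More than one candidate means the bag holds several unrelated chains or stray certificates, so the caller still has to decide which one it wants.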