You ask for two things:
- creation of a file: Just put all the certs together in pem format starting with the entity cert, and use this as -in parameter.- parsing: There can be multiple chains. You have to find one yourself in the CA list that goes up to a desired trust anchor and through intermediate certs, etc. One possibility is to load all acceptable ca certs from the ca list into a
store and then verify the ee cert. This builds a chain. Jean-Marc Desperrier wrote:
Dr. Stephen Henson wrote:PKCS12_parse() in its current form will only handle well formed PKCS#12 files which contain a private key, its corresponding certificate and zero or moreThe PKCS#12 standard doesn't seem to require that a PKCS#12 files contains all of this, I've seen some with only private keys, and also with only certificates.CA certificates.Is there a way openssl can handle the format so a whole certificat chain is associated to the private not just its corresponding certificate ? Sorry I don't know what exactly it corresponds to technically but usually PKCS#12 loaded from java appear as you describe "1 key entry, together with a certificate, n ca cert entry", but it's possible to create a pkcs#12 that appears to java as "1 key entry, together with a certificate chain, n ca cert entry". Until now I have been able to create such p12 only with java tools, never with openssl.______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
--To verify the signature, see http://edelpki.edelweb.fr/ Cela vous permet de charger le certificat de l'autorité; die Liste mit zurückgerufenen Zertifikaten finden Sie da auch.
smime.p7s
Description: S/MIME Cryptographic Signature
