Arnaud De Timmerman wrote:
>
> hi,
>
> >[3 level CA info deleted]
>
> >that reply was intended to show how you create a CA chain with 3 or more
> >certificates in it. If you just want a root CA and an end user
> >certificate then read the CA.pl manual page, as indicated in the FAQ.
>
> I checked the CA.pl manual (and the script) and if I change the pkcs12 case,
> adding -chain in the command line, the output is :
> *******************
> Enter PEM pass phrase:
> Error unable to get local issuer certificate getting chain.
> *******************
> So it seems that the certificate hierarchy isn't complete yet :(
>
> Help says :
> "The standard CA store is used for this search." Is it the index.txt file
> pointed by openssl.cnf ?
> How can I be sure the certificate I create (particularly the root one) goes in
> this store as well ?
>

It depends on the application, in the case of 'pkcs12' the store is in
the standard location (/usr/local/ssl/certs) however if you are using
Win32 then this won't work. Other applications may be configurable for
different locations.

All the pkcs12 -chain option does is automatically retrieve the chain if
possible. Manually including the chain with the -certfile option has the
same effect.

Steve.
--
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
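
The behaviour described in the reply above, as an added example that is not part of the original message: a throwaway root CA and end-user certificate are exported to PKCS#12 three ways. The subject names, the password "demo", the file names and the use of pkcs12's -CAfile option to point -chain at the new root are assumptions of this sketch.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA + end-user cert, then three PKCS#12 exports.

make_demo_pki() {   # $1 = work directory
  # Self-signed root CA (constructed test name, valid for one day)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
  # End-user key and CSR, then a certificate signed by the demo root
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo User" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/user.pem" 2>/dev/null
}

count_certs() {     # $1 = PKCS#12 file; prints how many certificates it holds
  openssl pkcs12 -in "$1" -passin pass:demo -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

chain_demo() {
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || { rm -rf "$d"; return 1; }
  base="openssl pkcs12 -export -inkey $d/user.key -in $d/user.pem -passout pass:demo"

  # 1) -chain with only the standard store: the new root is not in it, so
  #    chain building stops with "unable to get local issuer certificate".
  if $base -chain -out "$d/default.p12" 2>/dev/null; then r1=ok; else r1=fail; fi

  # 2) -chain with the root supplied as a trusted file: chain is found.
  $base -chain -CAfile "$d/ca.pem" -out "$d/chain.p12" 2>/dev/null

  # 3) No chain search at all: the root is added by hand with -certfile.
  $base -certfile "$d/ca.pem" -out "$d/certfile.p12" 2>/dev/null

  echo "default-store=$r1 chain=$(count_certs "$d/chain.p12") certfile=$(count_certs "$d/certfile.p12")"
  rm -rf "$d"
}

chain_demo
```

Cases 2 and 3 both produce a file holding the user certificate and the root, which is the "same effect" mentioned in the reply; case 1 reproduces the error from the question.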