On Tue, Jan 29, 2008, Milinda Pathirage wrote: > Hi all, > Please apologize me if this is a dumb question. > I am currently involved in project which I need to create key store which > has functions like Java Key Store in C. My requirements is to store several > X509 certificates with owner's certificate and private key in a pkcs12 file. > And my programming interface must be capable of retrieving any of the > certificate store in that key store file. > I tried following command[1] to store my certificate, my private key, > another x509 certificate and CA certificate and command worked well. > > [1] openssl pkcs12 -export -in ksb_cert.pem -inkey ksb_priv_key.pem -CAfile > ca_cert.pem -certfile sup_cert.pem -name "test" -out final_3.p12 >
The -CAfile option supplies trusted CA certificates that *may* be needed to include the whole certificate chain. If you don't include the -chain option they wont be used and even then only those necessary to include the complete chain will be used. > > > But this PKCS12_verify_mac(store->pkcs12_in, pass,-1) function calls return > 0 always even though I give the correct password. I use my own structure to > store the PKCS12 structure. > See what error you get. Could be an FAQ: http://www.openssl.org/support/faq.html#PROG8 Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
