Hi All, I am attempting to create a p12 file which will include both intermediate and root CA certificates in addition to the key and server certificate. I keep getting "Error unable to get local issuer certificate getting chain". I have checked the subject, issuer, AKI, and SKI for all certs and everything seems right (see below). Can someone please tell me what I'm missing here or what I should look at next in troubleshooting? Command: openssl pkcs12 -export -in ../testprod.pem -inkey ../testprod.key -out ../testprod.p12 -name "tomcat" -CAfile ../IssuingCA.pem -caname "Issuing CA" -CAfile ../RootCA.pem -caname "Root CA" -chain Subject/Issuer: C:\OpenSSL\bin>openssl x509 -in ..\testprod.pem -issuer -noout issuer= /C=US/O=JTV /CN=ISSUING CA C:\OpenSSL\bin>openssl x509 -in ..\IssuingCA.pem -subject -issuer -noout subject= /C=US/O=JTV /CN=ISSUING CA issuer= /C=US/O=ACN /CN=ROOT CA C:\OpenSSL\bin>openssl x509 -in ..\RootCA.pem -subject -issuer -noout subject= /C=US/O=ACN /CN=ROOT CA issuer= /C=US/O=ACN /CN=ROOT CA AKI End Enitity - e3 65 a1 dc 05 53 7b 9c a3 86 80 a4 8f 71 38 79 f2 5e c9 7d JTV: 82 9f 24 f0 7e 1e d3 47 c2 0d 8f 01 00 2b 7e 9e c0 6b 0f bc ACN: 82 9f 24 f0 7e 1e d3 47 c2 0d 8f 01 00 2b 7e 9e c0 6b 0f bc SKI: End-Enitity: 47 23 7e 62 52 55 92 2c 3f aa e8 4c b3 54 e7 30 80 48 cc a1 JTV:e3 65 a1 dc 05 53 7b 9c a3 86 80 a4 8f 71 38 79 f2 5e c9 7d ACN: 82 9f 24 f0 7e 1e d3 47 c2 0d 8f 01 00 2b 7e 9e c0 6b 0f bc Thanks, Karen
Problem with creating p12 file with chain
Reinhardt, Karen - Contractor Wed, 06 Feb 2008 00:49:43 -0800
- Problem with creating p12 file with chain Reinhardt, Karen - Contractor
- Re: Problem with creating p12 file with... Bernhard Froehlich
