hello,

i want to export my CA certificate as PKCS#12 file so that I can use
it in a Java application.
however, i don't want to include my CA private key.

firstly (pardon my ignorance on these crypto-standards, but) can there
be a PKCS#12 file which does not include a private key?
why does the following command outputs an empty file (ca.p12)
"openssl pkcs12 -in ca.crt -inkey private/ca.key -out ca.p12 -export -nokeys"

secondly, isn't it possible to include the CA cert along with some
other certificate and its corresponding private-key:
i.e. if server.crt is signed by my ca and i want to bundle server.crt,
ca.crt and server.key into one pkcs file - shouldn't the following
command do it -
"openssl pkcs12 -in server.crt -inkey private/server.key -certfile
ca.crt -out server.p12 -export"
but it only includes server.crt and server.key
even the following:
"openssl pkcs12 -in server.crt -inkey private/server.key -certfile
ca.crt -out server.p12 -export -chain -CAfile ca.crt"
fails to include ca.crt

what am i missing? please help.

thanks,
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to