hello, i want to export my CA certificate as PKCS#12 file so that I can use it in a Java application. however, i don't want to include my CA private key.
firstly (pardon my ignorance on these crypto-standards, but) can there be a PKCS#12 file which does not include a private key? why does the following command outputs an empty file (ca.p12) "openssl pkcs12 -in ca.crt -inkey private/ca.key -out ca.p12 -export -nokeys" secondly, isn't it possible to include the CA cert along with some other certificate and its corresponding private-key: i.e. if server.crt is signed by my ca and i want to bundle server.crt, ca.crt and server.key into one pkcs file - shouldn't the following command do it - "openssl pkcs12 -in server.crt -inkey private/server.key -certfile ca.crt -out server.p12 -export" but it only includes server.crt and server.key even the following: "openssl pkcs12 -in server.crt -inkey private/server.key -certfile ca.crt -out server.p12 -export -chain -CAfile ca.crt" fails to include ca.crt what am i missing? please help. thanks, ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]