subject:"RE\: combined certificate"

RE: combined certificate

2011-08-17 Thread Travis Dimmig

Thank you, I got it worked out.  I just had to concatenate the ca pem file to 
the client pem file and using that as the -in argument when export the pkcs12, 
then I had the full chain in one file.

Thank you to both you and yyy for your help.


Travis

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of hh.froehl...@francotyp.com
Sent: Wednesday, August 17, 2011 9:19 AM
To: openssl-users@openssl.org
Subject: RE: combined certificate

Perhaps, I am answering the wrong question but I use the following makefile 
receipts to do what I understand from your question:

trusted.cert.pem: $(ROOTCA)/root.root.crt.pem  \
  $(SUBCA)/proxy.root.crt.pem
  $(RM) -f $@
  cat $^ >$@

server.pfx: server.root.crt.pem \
server.key.sec.pem \
$(ROOTCA)/cacert.pem
  openssl pkcs12 \
-export  \
-passout pass:$(PFXPASS) \
-in $<   \
-inkey $(filter %sec.pem,$^) \
-certfile $(filter %cert.pem,$^) \
-out $@

client.pfx: client.$(subCA).crt.pem \
client.key.sec.pem \
trusted.cert.pem
  openssl pkcs12 \
-export  \
-passout pass:$(PFXPASS) \
-in $<   \
-inkey $(filter %sec.pem,$^) \
-certfile $(filter %cert.pem,$^) \
-out $@


From: owner-openssl-us...@openssl.org<mailto:owner-openssl-us...@openssl.org> 
[mailto:owner-openssl-us...@openssl.org]<mailto:[mailto:owner-openssl-us...@openssl.org]>
 On Behalf Of Travis Dimmig
Sent: Mittwoch, 17. August 2011 15:11
To: openssl-users@openssl.org<mailto:openssl-users@openssl.org>
Subject: RE: combined certificate

Perhaps I am asking the wrong question.  Files types aside, can one create a 
single file that can be used to install a full chain of trust on a windows 
machine?


Travis

From: owner-openssl-us...@openssl.org<mailto:owner-openssl-us...@openssl.org> 
[mailto:owner-openssl-us...@openssl.org]<mailto:[mailto:owner-openssl-us...@openssl.org]>
 On Behalf Of Travis Dimmig
Sent: Friday, August 12, 2011 3:08 PM
To: openssl-users@openssl.org<mailto:openssl-users@openssl.org>
Subject: combined certificate

Can a .der file be combined with a .p12 file to install the full chain of trust 
with one file?


Travis Dimmig
Software Development Specialist
Impulse Point
www.impulse.com<http://www.impulse.com>


**

"LEGAL DISCLAIMER: As you are aware, messages sent by eMail can be manipulated 
or diverted by third parties. If not mentioned otherwise our eMail messages are 
generally not legally binding. This electronic message (including any 
attachments) contains confidential information and may be legally privileged or 
otherwise protected from disclosure and as such is intended only for the use by 
the intended recipients. Please be aware that any unauthorized disclosure, 
copy, distribution or use of the contents of this message is expressly 
prohibited. If you have received this eMail in error please understand that you 
must not copy this eMail or any attachment or disclose the contents to any 
other person. Please notify us immediately by reply eMail and delete this 
message and any attachments from your system. Thank you for your cooperation". 
The FP Group

**

RE: combined certificate

2011-08-17 Thread hh.froehlich

Perhaps, I am answering the wrong question but I use the following makefile 
receipts to do what I understand from your question:

 

trusted.cert.pem: $(ROOTCA)/root.root.crt.pem  \

  $(SUBCA)/proxy.root.crt.pem

  $(RM) -f $@

  cat $^ >$@

 

server.pfx: server.root.crt.pem \

server.key.sec.pem \

$(ROOTCA)/cacert.pem

  openssl pkcs12 \

-export  \

-passout pass:$(PFXPASS) \

-in $<   \

-inkey $(filter %sec.pem,$^) \

-certfile $(filter %cert.pem,$^) \

-out $@



client.pfx: client.$(subCA).crt.pem \

client.key.sec.pem \

trusted.cert.pem

  openssl pkcs12 \

-export  \

-passout pass:$(PFXPASS) \

-in $<   \

-inkey $(filter %sec.pem,$^) \

-certfile $(filter %cert.pem,$^) \

-out $@

 

 

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Travis Dimmig
Sent: Mittwoch, 17. August 2011 15:11
To: openssl-users@openssl.org
Subject: RE: combined certificate

 

Perhaps I am asking the wrong question.  Files types aside, can one create a 
single file that can be used to install a full chain of trust on a windows 
machine?

 

 

Travis

 

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Travis Dimmig
Sent: Friday, August 12, 2011 3:08 PM
To: openssl-users@openssl.org
Subject: combined certificate

 

Can a .der file be combined with a .p12 file to install the full chain of trust 
with one file?

 

 

Travis Dimmig

Software Development Specialist

Impulse Point

www.impulse.com 

 


**
"LEGAL DISCLAIMER: As you are aware, messages sent by eMail can be manipulated 
or diverted by third parties. If not mentioned otherwise our eMail messages are 
generally not legally binding. This electronic message (including any 
attachments) contains confidential information and may be legally privileged or 
otherwise protected from disclosure and as such is intended only for the use by 
the intended recipients. Please be aware that any unauthorized disclosure, 
copy, distribution or use of the contents of this message is expressly 
prohibited. If you have received this eMail in error please understand that you 
must not copy this eMail or any attachment or disclose the contents to any 
other person. Please notify us immediately by reply eMail and delete this 
message and any attachments from your system. Thank you for your cooperation". 
The FP Group
**

RE: combined certificate

2011-08-17 Thread yyy

p12 files can contain multiple certificates (full chain). It seems to install full chain,however i had root cert already installed, for this chain.I do not know, how to add a der (or pem) file to existing p12 file.Probably it wold be easier to make a new p12 filefrom all necessary der (or pem) files.For certificate management i have used xca(xca.sourceforge.net)(it is a GUI for openssl certificate management tools)(it does not handle ecdsa with anything else than sha1, though).    Citējot Travis Dimmig :  Perhaps I am asking the wrong question.  Files types aside, can one create a single file that can be used to install a full chain of trust on a windows machine?         Travis       From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Travis Dimmig Sent: Friday, August 12, 2011 3:08 PM To: openssl-users@openssl.org Subject: combined certificate   Can a .der file be combined with a .p12 file to install the full chain of trust with one file? 

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: combined certificate

2011-08-17 Thread Travis Dimmig

Perhaps I am asking the wrong question.  Files types aside, can one create a 
single file that can be used to install a full chain of trust on a windows 
machine?


Travis

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Travis Dimmig
Sent: Friday, August 12, 2011 3:08 PM
To: openssl-users@openssl.org
Subject: combined certificate

Can a .der file be combined with a .p12 file to install the full chain of trust 
with one file?


Travis Dimmig
Software Development Specialist
Impulse Point
www.impulse.com

RE: combined certificate

RE: combined certificate

RE: combined certificate

RE: combined certificate

4 matches

Site Navigation

Mail list logo

Footer information