On Monday 06 Jan 2014 12:22:49 Heiko Heil wrote:
> Hello Mick,
>
> On Sun, Jan 05, 2014 at 08:34:52PM +0000, Mick wrote:
> >> I found the description of those fields in smime.c:
> >> /* 0=email 1=name 2=nick 3=intermediate 4=trust */ (line 397)
> >> Just wondering why "smime_keys add_p12" didn't insert the
> >> intermediate certificate ("?").
> >
> >Could it be that the intermediate cert was not part of the p12 file
> >bundle?
>
> I just double-checked this: The Firefox-export didn't contain the
> intermediate cert.
>
> But also extracting certificates from a smime-signed-e-mail (Ctrl-k)
> doesn't work (? as intermediate). I use the S/MIME-configuration from my
> homebrew setup
> (homebrew/Cellar/mutt/1.5.22/share/doc/mutt/samples/smime.rc).
>
> Maybe I will check the workaround described on
> http://wiki.cacert.org/EmailCertificates the next time.
>
> Best regards,
> HeikoYou can use this to look into the p12 file: openssl pkcs12 -in your_cert.p12 -info If it contains the whole chain you will see more than one certificate in there. To build your own bundle export your cert from Firefox in pkcs12 format (e.g. backup.p12) and then try this: openssl pkcs12 -export -out full_bundle.p12 -certfile intermediate.pem -in backup.p12 -name "My 2014 S/MIME certificate" An alternative way to do the same would be to include the whole chain of root CA and intermediate certificates by using the option '-chain': openssl pkcs12 -export -out full_bundle.p12 -chain -in backup.p12 -name "My 2014 S/MIME certificate" This assumes that your CA and any intermediate certificates have already been imported in your OS default CA store. If any of them is not there the command will fail. For more details look into 'man openssl-pkcs12' in case I have any errors in the syntax above. -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
