Thanks Steve That's exactly that I wanted. ;)
In fact I'd like to test client certification in our product. I'm using openssl s_client as testing utility. I tried it with self-signed certificate, certificate (with different CA and their associated CRL), and I wanted to try with sending a full certificate chain, but it seems that openssl s_client does not do that (-cert option is expecting a PEM certificate). I tried to add the CA certificate using -CAfile option, but the client does not send the full certificate chain. I just can see my client certificate (using -debug) How can I force my openssls_client to send the full certificate chain? Fred -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Dr. Stephen Henson Envoyé : mercredi 17 novembre 2004 20:21 À : [EMAIL PROTECTED] Objet : Re: Certificate Chain On Wed, Nov 17, 2004, Frédéric Donnat wrote: > Hi all, > > I've no probleme generating CA, client key, CSR, and certificate even > export in, pkcs12 format. > > I do not succeded to create certificate chain. > I have a look at x509, pkcs7 pkcs12 options without any success. Maybe > i missed something... > > As someone the answer?. Or can anyone put me in the rigth direction. > If you have those you already have a "certificate chain" the CA(s) and the user certificate. I suspect you want to package the certificates into some other format. The most common is PKCS#7 and the crl2pkcs7 utility can do that. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
