On Mon, Aug 27, 2007, xor exor wrote: > Hi i have 3 certs > > 1.root self signed CA > 2.intermediate CA-signed with root CA > 3.client cert -signed with intermediate CA > > So i want with them to create a cert chain and sign a pkcs7 document.(By > including them into the pkcs 7 document a detached one) > And after that to verify the pkcs 7 document by extracting the cert chain. > > Which commands should i use ? I have read the manual and tried lots of > combinations but couldnt achieve any succes!
Well firstly the intermediate CA needs to have the correct extensions. If it is created in the same way as a normal certificate it will *not*. That is just as well or anyone could be a CA. Once you've done that you sign the email with the usual smime -sign command but include the intermediate CA with the -certfile option. If the chain is OK then just including the root CA with smime -verify should be sufficient. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
