On Mon, Mar 16, 2009 at 06:00:13AM -0700, sudeepta wrote:

> I am writing a server application which is supposed to use certificates/keys
> in DER format only.

Why? And why not convert any provided DER to PEM and use that?

> In my code, I am using the following functions for
> loading the server certificate and its private key respectively.
>
> SSL_CTX_use_certificate_file(pSSLCtx,"server.cer",SSL_FILETYPE_ASN1) and

If you read the manpage for this function, you'll see:

    SSL_CTX_use_certificate() loads the certificate x into ctx,
    SSL_use_certificate() loads x into ssl. The rest of the certificates
    needed to form the complete certificate chain can be specified using
    the SSL_CTX_add_extra_chain_cert(3) function.

    ...

    SSL_CTX_use_certificate_chain_file() adds the first certificate found
    in the file to the certificate store. The other certificates are added
    to the store of chain certificates using
    SSL_CTX_add_extra_chain_cert(3). There exists only one extra chain
    store, so that the same chain is appended to both types of
    certificates, RSA and DSA! If it is not intended to use both type of
    certificate at the same time, it is recommended to use the
    SSL_CTX_use_certificate_chain_file() instead of the
    SSL_CTX_use_certificate_file() function in order to allow the use of
    complete certificate chains even when no trusted CA storage is used or
    when the CA issuing the certificate shall not be added to the trusted
    CA storage.

> Is there any other function which uses ASN1/DER format? Or do I have to
> convert the root CA file into PEM format before using?

It is much easier to work with PEM. Convert both certs into PEM and put
them into a single file in the right order.

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
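
The conversion suggested in the reply, as an added example that is not part of the original thread: it uses only Python's standard `ssl` module to turn DER (or already-PEM) certificates into one PEM chain file, server certificate first and issuing CA certificates after it, which is the order SSL_CTX_use_certificate_chain_file() expects. The function names are hypothetical, and the two sample blobs are constructed DER-shaped placeholders, not real certificates.

```python
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def der_length(blob: bytes) -> int:
    """Total length of the DER SEQUENCE at the start of blob (header + body)."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM or other data passed as DER?)")
    first = blob[1]
    if first < 0x80:                       # short form: length in one octet
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(blob) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")

def to_pem(blob: bytes) -> str:
    """Accept one certificate as PEM or DER bytes and return PEM text."""
    if blob.strip().startswith(PEM_HEADER):
        blob = ssl.PEM_cert_to_DER_cert(blob.decode("ascii").strip())
    # A file loaded with the wrong file type usually fails here,
    # before it ever reaches the TLS library.
    if der_length(blob) != len(blob):
        raise ValueError("truncated DER object or trailing bytes after it")
    return ssl.DER_cert_to_PEM_cert(blob)

def build_chain(leaf: bytes, *issuers: bytes) -> str:
    """PEM chain text: server (leaf) certificate first, then its issuers."""
    return "".join(to_pem(cert) for cert in (leaf, *issuers))

# Constructed sample input: minimal DER SEQUENCEs standing in for
# server.cer and the root CA file (not real certificates).
LEAF_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])   # short-form length
CA_DER = bytes([0x30, 0x81, 0x80]) + bytes(128)    # long-form length

if __name__ == "__main__":
    # Output file name is an assumption for this example.
    with open("server-chain.pem", "w") as out:
        out.write(build_chain(LEAF_DER, CA_DER))
```

The resulting file is what SSL_CTX_use_certificate_chain_file() reads; the private key is loaded separately.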