> -----Original Message-----
> From: Lutz Jaenicke
>
> Forwarded to openssl-users for discussion.
>
> Best regards,
> Lutz
> ----- Forwarded message from Alexander Mills -----
>
> From: Alexander Mills
>
> Recently I was tasked with using a .crt and .key used in Apache for
> use with Apache Tomcat. I searched around and the solution was to use
> the following command, where the p7b file is the intermediate
> certificate provided by Thawte.
>
> openssl pkcs12 -export -in myCert.crt -inkey myKey.key -out
> mypkcs12.p12 -name tomcat -CAfile ssl_pkcs7.p7b -caname root -chain
>
> For some reason, which I am yet to fathom, the above command will not
> export the intermediate chain, and thus the certificate becomes
> untrustworthy.

The following command works for me:

$ openssl pkcs12 -export -in cert.pem -inkey key.pem -name mylabel -chain -CAfile ca_path.pem -out archive.p12 -passout pass:mypassphrase

ca_path.pem contains the concatenated CA certificates of cert.pem's certificate chain, encoded in PEM-format. So obviously what you pass in via -CAfile has the wrong format. Also make sure that all CA certificates of your chain are included in that file.

HTH,
Patrick Eisenacher
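
Added example, not part of the original thread and not OpenSSL project code: one way to turn a PKCS#7 .p7b bundle into the concatenated PEM file the reply describes for -CAfile, export the archive, and confirm it holds the whole chain. It assumes an openssl command on PATH and a standard PKCS#7 bundle; every file name, subject and the passphrase below is constructed.

```shell
#!/bin/sh
# Added example: file names, subjects and the passphrase are constructed.
set -eu

# Convert a PKCS#7 bundle (PEM or DER encoded) to concatenated PEM certificates.
p7b_to_pem() {  # $1 = bundle.p7b  $2 = chain.pem
    if grep -q -e '-----BEGIN ' "$1"; then form=PEM; else form=DER; fi
    openssl pkcs7 -inform "$form" -in "$1" -print_certs -out "$2"
}

# Export key, certificate and chain. With -chain, openssl aborts if it cannot
# build the complete chain from the certificates in -CAfile.
export_p12() {  # $1 = cert  $2 = key  $3 = chain.pem  $4 = out.p12  $5 = passphrase
    openssl pkcs12 -export -in "$1" -inkey "$2" -name tomcat \
        -chain -CAfile "$3" -out "$4" -passout "pass:$5"
}

# Count the certificates stored in the archive (leaf plus CA certificates).
count_p12_certs() {  # $1 = file.p12  $2 = passphrase
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" | grep -c 'BEGIN CERTIFICATE'
}

# Constructed fixture: root -> intermediate -> leaf, CA certs packed as DER .p7b.
make_test_chain() {
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    for n in root inter leaf; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
            -out "$n.csr" -subj "/CN=constructed-$n" 2>/dev/null
    done
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 2 -out root.pem 2>/dev/null
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key \
        -CAcreateserial -extfile ca.ext -days 2 -out inter.pem 2>/dev/null
    openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key \
        -CAcreateserial -days 2 -out leaf.pem 2>/dev/null
    cat inter.pem root.pem > cas.pem
    openssl crl2pkcs7 -nocrl -certfile cas.pem -outform DER -out chain.p7b
}

work=$(mktemp -d) && cd "$work"
make_test_chain
p7b_to_pem chain.p7b chain.pem
export_p12 leaf.pem leaf.key chain.pem tomcat.p12 constructed-pass
echo "certificates in archive: $(count_p12_certs tomcat.p12 constructed-pass)"
```

A count equal to the leaf plus every CA certificate in the chain (three for this fixture) means the intermediate was exported.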