Dave, Now I understand, why it doesn't work. Still, I'm a "normal" user, so writing my own program is a not an option for me :). I'll tell the company that they have to change their program to allow using other formats (other than binary der).
Rockintein Dave Thompson-5 wrote: > >> From: owner-openssl-us...@openssl.org On Behalf Of rockinein >> Sent: Friday, 25 May, 2012 08:58 > >> I need help with certificate chain (with intermediate CA). I >> need to convert pem to der. >> >> There is a command: >> >> openssl x509 -in something.pem -out something.der -outform der >> >> Problem is that when I use this command and there are more >> CAs in pem (more >> begin/end certificate), it converts only 1st CA and cuts out others. >> > Yes, the x509 command processes only one cert and ignores > anything else in PEM input (either comments, or other certs). > (For example, you can put a PEM cert and a PEM privatekey > together in one file. PEM_read_X509 or commandline x509 will > read the cert and ignore the privatekey; PEM_read_PrivateKey > or commandline rsa etc. will ignore the cert and read the key.) > > Using commandline, you have to break the input into separate > files for each cert, process all, and use the results (below). > On Unix, or on Windows with Unix tools added, this is easy > with awk or perl, probably doable with some effort with shell > and sed or maybe grep. On plain Windows I can't help you. > On any OS you could write a program to feed files to commandline, > but it's easy(er?) to eliminate commandline, see next. > > Writing your own program, you could just loop PEM_read[_bio]_X509 > until EOF and i2d_X509_fp|bio (or to memory and fwrite) plus any > additional structure you need. > > Note that just a sequence of DER certs is not itself valid DER, > although it is sometimes used. If you need valid DER, you must > define/determine what it is, for example a DER PKCS#7 *containing* > the sequence of certs is one standard way of handling a chain. > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://old.nabble.com/converting-pem-to-der-tp33907769p33911967.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
