Nevermind the last message, you said *concatenate* the CA certificate together. So, this is what i did:

Root cert:
cat ca.crt > cachain.pem

Int-ca cert:

cat int-ca.crt >> cachain.pem

Ran the following but it didn't work:

openssl pkcs12 -export -out someone.pfx -inkey someone.key -in someone.crt -certfile cachain.pem -passout:somepassword

On 11/19/2012 10:02 AM, Dr. Stephen Henson wrote:
On Mon, Nov 19, 2012, Deeztek.com Support wrote:

I have created a CA and an intermediate CA. I use the intermediate
CA to create self-signed s/mime certificates for end users which
works fine. I need to be able to create .pfx files form those end
user certificates and include the CA chain into the pfx file.
Currently the command I use to export the user certificates to .pfx
is as follows:

  openssl pkcs12 -export -out someone.pfx -inkey someone.key -in
someone.crt  -passout:somepassword

This works fine but when i import the .pfx file into my windows
sytem, the certificate chain is not there and I have no way of
trusting the certificate. How would I go about including the
certificate chain into the pfx file?

Concatenate the CA certificate together and use the -certfile option. See:

http://www.openssl.org/docs/apps/pkcs12.html#FILE_CREATION_OPTIONS

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


--
Deeztek.com Support
http://www.deeztek.com

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to