CAFile

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

CAFile

alexander.berger
Hello everybody

For some hours now I try to find out how to create CAfile (a file with multiple CAs inside, the one file counterpart of -CApath).
I need such a file for HTTPS Client authentification together with the yaws webserver. In the yaws user guide they write that
it is a plain old openssl "cacertfile", but neither on the openssl homepage nor somewhere else (google) did I find a description
of that file format resp. an explanation howto create such a file.

Could anybody please give me an example or point me to the right documentation?

Thanks for any help.
Kind Regards
Alex
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
dal
Reply | Threaded
Open this post in threaded view
|

Re: CAFile

dal
I'm not sure, but shouldn't it be possible to simply use cat? Something
like:

cat ca1.pem ca2.pem ... caN.pem > CAfile.pem

But I might be wrong...

Regards
Carolin

[hidden email] wrote:

> Hello everybody
>
> For some hours now I try to find out how to create CAfile (a file with multiple CAs inside, the one file counterpart of -CApath).
> I need such a file for HTTPS Client authentification together with the yaws webserver. In the yaws user guide they write that
> it is a plain old openssl "cacertfile", but neither on the openssl homepage nor somewhere else (google) did I find a description
> of that file format resp. an explanation howto create such a file.
>
> Could anybody please give me an example or point me to the right documentation?
>
> Thanks for any help.
> Kind Regards
> Alex
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>  

--
Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: CAFile

Bernhard Fröhlich-2
In reply to this post by alexander.berger
[hidden email] schrieb:
> Hello everybody
>
> For some hours now I try to find out how to create CAfile (a file with multiple CAs inside, the one file counterpart of -CApath).
> I need such a file for HTTPS Client authentification together with the yaws webserver. In the yaws user guide they write that
> it is a plain old openssl "cacertfile", but neither on the openssl homepage nor somewhere else (google) did I find a description
> of that file format resp. an explanation howto create such a file.
>
> Could anybody please give me an example or point me to the right documentation?
>  

A CAfile consists of concatenated PEM-encoded certificate files. So if
you have two CA certificates just do "cat ca1.pem ca2.pem > cafile.pem".

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: CAFile

Steffen DETTMER
In reply to this post by alexander.berger
* [hidden email] wrote on Wed, Mar 26, 2008 at 18:26 +0100:
> For some hours now I try to find out how to create CAfile (a
> file with multiple CAs inside, the one file counterpart of
> -CApath).
>
> Could anybody please give me an example

Not sure if I understand you right, but if you want to generate a
`certificate bundle file' from several `PEM' X.509 CA
certificates (files with "-----BEGIN CERTIFICATE-----" etc) you
may try:

$ cat *.crt.pem > ca-bundle.crt

oki,

Steffen
 
About Ingenico Throughout the world businesses rely on Ingenico for secure and expedient electronic transaction acceptance. Ingenico products leverage proven technology, established standards and unparalleled ergonomics to provide optimal reliability, versatility and usability. This comprehensive range of products is complemented by a global array of services and partnerships, enabling businesses in a number of vertical sectors to accept transactions anywhere their business takes them.
www.ingenico.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]