Root ca chain in one file

Root ca chain in one file

Martijn Moret
Hi,

One of our customers is using a certificate from GlobalSign.
They use three root certificates in the chain.

Is there a way to create a PEM-formatted file with all three certificates
from the chain?

Regards
Martijn

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: Root ca chain in one file

Richard Salz
> One of our customers is using a certificate from GlobalSign.
> They use three root certificates in the chain.

A definition of root certificate is that nobody in the chain comes after
it.  So you don't mean three root certificates, but perhaps three
intermediates or two intermediates and a root.
 
> Is there a way to create a PEM-formatted file with all three
> certificates from the chain?

You can just paste all three PEM files together, but that probably will
not get the effect that you want.  The normal PEM_read, etc., functions
stop when they find the first object of the right type.  If you want to
read in multiple certs from a single file, you probably want to use a
data format such as PKCS7 or PKCS12 that supports it natively.

        /r$

--
SOA Appliance Group
IBM Application Integration Middleware



Re: Root ca chain in one file

Frank Laub

> The normal PEM_read, etc., functions
> stop when they find the first object of the right type.  If you want to
> read in multiple certs from a single file, you probably want to use a
> data format such as PKCS7 or PKCS12 that supports it natively.

Actually you can use PEM_X509_INFO_read_bio() to read in a chain of PEM encoded certs. Each element of the stack that is returned is an X509_INFO. This is sort of a 'wrapper' that contains a pointer to the actual X509 cert.

-Frank