This is a discussion on Re: How to store Multiple Certificates in PKCS12 File. - Openssl ; On Tue, Jan 29, 2008, Milinda Pathirage wrote: > Hi all, > Please apologize me if this is a dumb question. > I am currently involved in project which I need to create key store which > has functions like ...
On Tue, Jan 29, 2008, Milinda Pathirage wrote:
> Hi all,
> Please apologize me if this is a dumb question.
> I am currently involved in project which I need to create key store which
> has functions like Java Key Store in C. My requirements is to store several
> X509 certificates with owner's certificate and private key in a pkcs12 file.
> And my programming interface must be capable of retrieving any of the
> certificate store in that key store file.
> I tried following command to store my certificate, my private key,
> another x509 certificate and CA certificate and command worked well.
>  openssl pkcs12 -export -in ksb_cert.pem -inkey ksb_priv_key.pem -CAfile
> ca_cert.pem -certfile sup_cert.pem -name "test" -out final_3.p12
The -CAfile option supplies trusted CA certificates that *may* be needed to
include the whole certificate chain. If you don't include the -chain option
they wont be used and even then only those necessary to include the complete
chain will be used.
> But this PKCS12_verify_mac(store->pkcs12_in, pass,-1) function calls return
> 0 always even though I give the correct password. I use my own structure to
> store the PKCS12 structure.
See what error you get. Could be an FAQ:
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
OpenSSL Project http://www.openssl.org
User Support Mailing List firstname.lastname@example.org
Automated List Manager email@example.com