Thank you, I got it worked out. I just had to concatenate the ca pem file to the client pem file and using that as the -in argument when export the pkcs12, then I had the full chain in one file.
Thank you to both you and yyy for your help. Travis From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of hh.froehl...@francotyp.com Sent: Wednesday, August 17, 2011 9:19 AM To: openssl-users@openssl.org Subject: RE: combined certificate Perhaps, I am answering the wrong question but I use the following makefile receipts to do what I understand from your question: trusted.cert.pem: $(ROOTCA)/root.root.crt.pem \ $(SUBCA)/proxy.root.crt.pem $(RM) -f $@ cat $^ >$@ server.pfx: server.root.crt.pem \ server.key.sec.pem \ $(ROOTCA)/cacert.pem openssl pkcs12 \ -export \ -passout pass:$(PFXPASS) \ -in $< \ -inkey $(filter %sec.pem,$^) \ -certfile $(filter %cert.pem,$^) \ -out $@ client.pfx: client.$(subCA).crt.pem \ client.key.sec.pem \ trusted.cert.pem openssl pkcs12 \ -export \ -passout pass:$(PFXPASS) \ -in $< \ -inkey $(filter %sec.pem,$^) \ -certfile $(filter %cert.pem,$^) \ -out $@ From: owner-openssl-us...@openssl.org<mailto:owner-openssl-us...@openssl.org> [mailto:owner-openssl-us...@openssl.org]<mailto:[mailto:owner-openssl-us...@openssl.org]> On Behalf Of Travis Dimmig Sent: Mittwoch, 17. August 2011 15:11 To: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Subject: RE: combined certificate Perhaps I am asking the wrong question. Files types aside, can one create a single file that can be used to install a full chain of trust on a windows machine? Travis From: owner-openssl-us...@openssl.org<mailto:owner-openssl-us...@openssl.org> [mailto:owner-openssl-us...@openssl.org]<mailto:[mailto:owner-openssl-us...@openssl.org]> On Behalf Of Travis Dimmig Sent: Friday, August 12, 2011 3:08 PM To: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Subject: combined certificate Can a .der file be combined with a .p12 file to install the full chain of trust with one file? Travis Dimmig Software Development Specialist Impulse Point www.impulse.com<http://www.impulse.com> ********************************************************************** "LEGAL DISCLAIMER: As you are aware, messages sent by eMail can be manipulated or diverted by third parties. If not mentioned otherwise our eMail messages are generally not legally binding. This electronic message (including any attachments) contains confidential information and may be legally privileged or otherwise protected from disclosure and as such is intended only for the use by the intended recipients. Please be aware that any unauthorized disclosure, copy, distribution or use of the contents of this message is expressly prohibited. If you have received this eMail in error please understand that you must not copy this eMail or any attachment or disclose the contents to any other person. Please notify us immediately by reply eMail and delete this message and any attachments from your system. Thank you for your cooperation". The FP Group **********************************************************************