On Mon, Nov 19, 2012, Deeztek.com Support wrote: > > I have created a CA and an intermediate CA. I use the intermediate > CA to create self-signed s/mime certificates for end users which > works fine. I need to be able to create .pfx files form those end > user certificates and include the CA chain into the pfx file. > Currently the command I use to export the user certificates to .pfx > is as follows: > > openssl pkcs12 -export -out someone.pfx -inkey someone.key -in > someone.crt -passout:somepassword > > This works fine but when i import the .pfx file into my windows > sytem, the certificate chain is not there and I have no way of > trusting the certificate. How would I go about including the > certificate chain into the pfx file? >
Concatenate the CA certificate together and use the -certfile option. See: http://www.openssl.org/docs/apps/pkcs12.html#FILE_CREATION_OPTIONS Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org