Hello,
the following skript generates a PKCS#12 container with private key plus
certificate chain;
NAME="em...@domain.tld"
CANAME="CA name"
PASSPHRASE="passphrase"
openssl pkcs12 -export -name "$NAME" -caname "$CANAME" -caname "$CANAME"
-inkey ./cert.key -passin pass:${PASSPHRASE} -in ./cert.crt -CAfile
./chainedCAs.crt -chain -out ./cert.p12 -passout pass:${PASSPHRASE}
cert.key ... privatekey, decrypted with passphrase $PASSPHRASE
cert.crt ... certificate in PEM format
chainedCAs.crt ... concatenated certificates of sub CA and root CA in
PEM format
(cert.crt has been signed with the sub CA certificate)
when importing the certificate in Thunderbird, it will not import the
root CA certificate;
when only generating the PKCS#12 container with this:
openssl pkcs12 -export -name "$NAME" -inkey ./cert.key -passin
pass:${PASSPHRASE} -in ./cert.crt -CAfile ./chainedCAs.crt -chain -out
./cert.p12 -passout pass:${PASSPHRASE}
everything works fine;
the question: how often do I have to use the parameter -caname?
once at all? once for each certificate in the chainedCAs.crt?
Thanks,
Walter
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org