[Help-gnutls] Re: Include CA certificate in PKCS12

Simon Josefsson simon at josefsson.org
Thu Jan 11 21:47:39 CET 2007


Sascha Ziemann <sascha.ziemann at secunet.com> writes:

> Hi,
>
> it is useful to include the certificate of the CAs into a PKCS12 file,
> when delivering client PSEs. I tried to use the option
> --load-certificate twice while running "certtool --to-p12" but this does
> not seem to work. I also tried --load-ca-certificate but that does not
> work either.
>
> What is the right way to include two CA certificates into a PKCS12 file?

Hi!  Right now this isn't possible, but I implemented support for this
in CVS.  I haven't tested the resulting PKCS#12 blob with anything, so
I don't know exactly what various programs expect.  Unfortunately,
there are many ways to store multiple certificates in a PKCS#12
file...  Please let me know if/how it works for you.  Here is the news
entry:

** Certtool --to-p12 can now store more than one certificate in the blob.
Before it could only store one certificate, but now it will read and
store as many certificates as there are in the --load-certificate file.
Suggested by Sascha Ziemann <sascha.ziemann at secunet.com>.

A sample run:

jas at mocca:~/src/gnutls/src$ ./certtool --to-p12 --load-certificate foo.pem > bar.p12
Generating a PKCS #12 structure...
Loading certificate list...
Loaded 3 certificates.
Enter a name for the key: hepp
Enter password:
jas at mocca:~/src/gnutls/src$

At least certtool is able to read and parse the result...

/Simon
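
The reply above says certtool now reads every certificate found in the --load-certificate file. As an added example (not from the original message or the GnuTLS project), this script assembles such a file from separate PEM files and checks the block count before the file is handed to certtool; the function names, file names and placeholder PEM bodies are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: file names and PEM bodies are constructed placeholders.

# Print the number of PEM certificate blocks in a file.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

# build_bundle OUT CERT... : concatenate certificates in the order given.
# Refuses inputs holding key material or incomplete certificate blocks.
build_bundle() {
    out=$1; shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; rm -f "$tmp"; return 1; }
        if grep -q -- 'PRIVATE KEY-----' "$f"; then
            echo "refusing $f: contains a private key" >&2
            rm -f "$tmp"; return 1
        fi
        begins=$(count_certs "$f")
        ends=$(grep -c -- '-----END CERTIFICATE-----' "$f" || true)
        if [ "$begins" -lt 1 ] || [ "$begins" -ne "$ends" ]; then
            echo "refusing $f: no complete certificate block" >&2
            rm -f "$tmp"; return 1
        fi
        cat "$f" >> "$tmp"
        # Keep blocks on separate lines when an input lacks a final newline.
        [ -z "$(tail -c 1 "$f")" ] || echo >> "$tmp"
    done
    mv "$tmp" "$out"
}

# Constructed placeholder block; a real run uses actual certificates.
make_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$2" \
        '-----END CERTIFICATE-----' > "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    make_pem "$d/client.pem" 'Q09OU1RSVUNURUQtQ0xJRU5U'
    make_pem "$d/subca.pem" 'Q09OU1RSVUNURUQtU1VCQ0E='
    make_pem "$d/rootca.pem" 'Q09OU1RSVUNURUQtUk9PVA=='
    build_bundle "$d/foo.pem" "$d/client.pem" "$d/subca.pem" "$d/rootca.pem" &&
        count_certs "$d/foo.pem"
    rm -rf "$d"
}

demo   # with real certificates, foo.pem then goes to:
       # certtool --to-p12 --load-certificate foo.pem > bar.p12
```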




