Project

General

Profile

Certificates

erstellen von pkcs12 Cert (inkl. Intermediate Cert)

folgende files werden benötig:
  • server cert (server.crt)
  • intermediate cert (intermediate.crt)
  • root CA (root.crt)
  • private key (private.key)

Alle Cert Files in eine Datei kopieren

Dabei muss die Cert-Reinfolge beachtet werden.

-----BEGIN CERTIFICATE-----
  server.crt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
  intermediate.crt
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
  root.crt
-----END CERTIFICATE-----

cat server.crt intermediate.crt root.crt > bundle.crt

pkcs12 cert file erzeugen

openssl pkcs12 -export -in bundle.crt -inkey private.key -out yourCert.p12

pkcs12 cert prüfen

openssl pkcs12 -info -in yourCert.p12

Alle Cert Bestandteile sollten im Output zu sehen sein.
BSP Output(Alle drei CertFile sind enthalten):

MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: B3 5E 29 82 AB B8 9B A3 0A 00 6A CD 9B 62 5B 39 59 39 A1 DA 
subject=/CN=1.cineapp.de
issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
Certificate bag
Bag Attributes: <No Attributes>
subject=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
-----BEGIN CERTIFICATE-----
....
-----END CERTIFICATE-----
Certificate bag
Bag Attributes: <No Attributes>
subject=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
-----BEGIN CERTIFICATE-----
.......
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    localKeyID: B3 5E 29 82 AB B8 9B A3 0A 00 6A CD 9B 62 5B 39 59 39 A1 DA 
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
.......
-----END ENCRYPTED PRIVATE KEY-----