Combining SSL certificates
m.seaman at infracaninophile.co.uk
Fri Apr 2 17:34:41 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 02/04/2010 17:19:02, Adam Vande More wrote:
> On Fri, Apr 2, 2010 at 9:04 AM, Jerry <freebsd.user at seibercom.net> wrote:
>> Is it possible to combine all of the certificates in a chain into one
>> *.pem file?
>> openssl s_client -connect imap.gmail.com:993 -crlf -showcerts
>> This would show, in this case anyway, two certificates. Could I combine
>> both certs into on file, example: gmail-imap.pem and then run
>> 'c_rehash' on the file or do I have to save both certs in separate
>> files to complete the chain?
> Doesn't it work to simply concatenate pem's together? I was my
> understanding it was possible to do that, but perhaps order of concatenation
> matters. So make sure you're dealing with pem's and cat together with root
> being last and I think it should work.
Depends on the application I think. Some applications like SSL key and
cert in the same file. Some applications want them separate. Some
applications like SSL Certs and all of the CA-Cert keys used to sign it
concatenated together; others like separate files for CA-Certs; yet
others only want CA Certs which aren't from one of the well-known root CAs.
Can't say as I've ever run into an app that likes several different keys
or certs in the same file [well, except for Java keystores, but in that
case the appropriate response is to scream and run away very quickly]
You pays your money, and you takes your choice.
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the freebsd-questions