  Create PKCS#12 bundle with chain for server
 
Subject: Create PKCS#12 bundle with chain for server
Author: authen
In response to: Create PKCS#12 bundle with chain
Posted on: 12/21/2015 08:36:41 PM

C:\OpenSSL64>openssl pkcs12 -export -inkey myCA\servers\ldap-server-private-key.pem -certfile myCA\interCA\certnew.pem -in myCA\servers\ldap-server.pem -out myCA\servers\ldap-server.p12
Loading 'screen' into random state - done
Enter pass phrase for myCA\servers\ldap-server-private-key.pem:passphrase-of-private-key
Enter Export Password:any-password-to-protect-p12-store
Verifying - Enter Export Password:any-password-to-protect-p12-store



 

> On 09/12/2015 01:24:00 AM authen wrote:



C:\OpenSSL64>openssl pkcs12 -export -inkey myCA\users\joe-private-key.pem -certfile myCA\interCA\certnew.pem -in myCA\users\joe_email.pem -out myCA\users\joe_email.p12

Loading 'screen' into random state - done
Enter pass phrase for myCA\users\joe-private-key.pem:passphrase
Enter Export Password:passphrase
Verifying - Enter Export Password:passphrase


View the PKCS#12 store
C:\OpenSSL64>openssl pkcs12 -in myCA\users\joe_email.p12 -nodes -info
Enter Import Password:passphrase

MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Bag Attributes
    localKeyID: 1C 06 3F 2A 60 8A EE E7 B1 58 9C F6 BA 85 CF 9F 6B BD 08 1F
subject=/DC=DC=org, DC=simple, O=Simple Inc, CN=Joe Smith
issuer=/DC=org/DC=simple/O=Simple Inc/OU=Simple Signing CA/CN=Simple Signing CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Certificate bag
Bag Attributes: <No Attributes>
subject=/DC=org/DC=simple/O=Simple Inc/OU=Simple Signing CA/CN=Simple Signing CA

issuer=/DC=org/DC=simple/O=Simple Inc/OU=Simple Root CA/CN=Simple Root CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    localKeyID: 1C 06 3F 2A 60 8A EE E7 B1 58 9C F6 BA 85 CF 9F 6B BD 08 1F
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----



As can be seen, this PKCS#12 store has two public keys (user + signing CA) and the user's private key.

Note: As this PKCS#12 store has the PKI chain inside, the peer only needs the Root CA to be loaded into its trust store to verify the user.
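
The following is an added example, not part of the original posts: it builds a throwaway root CA, signing CA and server certificate, bundles them with the same `openssl pkcs12 -export ... -certfile` shape, and checks that a peer trusting only the root can verify the server certificate when the chain comes from the bundle but not when the leaf is presented alone. It assumes a POSIX shell with `openssl` on the PATH rather than the Windows prompt used above; all file names, subjects and the password are constructed.

```shell
#!/bin/sh
# Added example: every name, subject and password below is a constructed test value.
PW=pass:constructed-export-password

# Prints "<certs in bundle> <verify with bundled chain> <verify leaf alone>".
p12_chain_check() {
  d=$(mktemp -d) || return 1
  ( cd "$d" &&
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
      '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > ca.cnf &&
    # Root CA (self-signed), then a signing CA issued by the root.
    openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_ca \
      -subj '/CN=Test Root CA' -days 1 -keyout root.key -out root.pem &&
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
      -subj '/CN=Test Signing CA' -keyout inter.key -out inter.csr &&
    openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile ca.cnf -extensions v3_ca -days 1 -out inter.pem &&
    # Server key and certificate issued by the signing CA.
    openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
      -subj '/CN=ldap-server.test' -keyout server.key -out server.csr &&
    openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key \
      -CAcreateserial -days 1 -out server.pem &&
    # Same command shape as in the post: key + certificate + chain file.
    openssl pkcs12 -export -inkey server.key -certfile inter.pem \
      -in server.pem -out server.p12 -passout "$PW" &&
    # Read the certificates back; -nokeys keeps the private key out of the output.
    openssl pkcs12 -in server.p12 -passin "$PW" -nokeys -clcerts -out leaf.pem &&
    openssl pkcs12 -in server.p12 -passin "$PW" -nokeys -cacerts -out chain.pem
  ) >/dev/null 2>&1 || { rm -rf "$d"; return 1; }
  count=$(cat "$d/leaf.pem" "$d/chain.pem" | grep -c 'BEGIN CERTIFICATE')
  # Peer trusts only the root; the signing CA is taken from the bundle, untrusted.
  if openssl verify -CAfile "$d/root.pem" -untrusted "$d/chain.pem" \
       "$d/leaf.pem" >/dev/null 2>&1; then with=ok; else with=fail; fi
  # Same trust store, leaf presented alone: no path to the root can be built.
  if openssl verify -CAfile "$d/root.pem" "$d/leaf.pem" >/dev/null 2>&1
  then without=ok; else without=fail; fi
  rm -rf "$d"
  echo "$count $with $without"
}

p12_chain_check   # → 2 ok fail
```

The `-nodes` option in the post's view command prints the private key unencrypted to the terminal, which is why this example inspects the bundle with `-nokeys`. The `pbeWithSHA1And40BitRC2-CBC` certificate encryption in the quoted output is the legacy default; OpenSSL 3.0 and later write AES-256-CBC with PBKDF2 unless told otherwise.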




