Date:      Fri, 02 Apr 2010 18:34:35 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Adam Vande More <amvandemore@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Combining SSL certificates
Message-ID:  <4BB62AAB.6040905@infracaninophile.co.uk>
In-Reply-To: <z2r6201873e1004020919o1be59ee0g7657a0d4187ae9cc@mail.gmail.com>
References:  <20100402110430.13bcdc03@scorpio.seibercom.net> <z2r6201873e1004020919o1be59ee0g7657a0d4187ae9cc@mail.gmail.com>


On 02/04/2010 17:19:02, Adam Vande More wrote:
> On Fri, Apr 2, 2010 at 9:04 AM, Jerry <freebsd.user@seibercom.net> wrote:
> 
>> Is it possible to combine all of the certificates in a chain into one
>> *.pem file?
>>
>> EXAMPLE:
>>
>> openssl s_client -connect imap.gmail.com:993 -crlf -showcerts
>>
>> This would show, in this case anyway, two certificates. Could I combine
>> both certs into one file, example: gmail-imap.pem and then run
>> 'c_rehash' on the file or do I have to save both certs in separate
>> files to complete the chain?
>>
> 
> Doesn't it work to simply concatenate pem's together?  It was my
> understanding it was possible to do that, but perhaps order of concatenation
> matters.  So make sure you're dealing with pem's and cat together with root
> being last and I think it should work.

Depends on the application I think.  Some applications like SSL key and
cert in the same file.  Some applications want them separate.  Some
applications like SSL Certs and all of the CA-Cert keys used to sign it
concatenated together; others like separate files for CA-Certs; yet
others only want CA Certs which aren't from one of the well-known root CAs.

Can't say as I've ever run into an app that likes several different keys
or certs in the same file [well, except for Java keystores, but in that
case the appropriate response is to scream and run away very quickly]

You pays your money, and you takes your choice.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
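
A check for the ordering discussed in this thread (leaf first, root last), as an added example that is not part of the original messages: it splits a concatenated PEM bundle, compares each certificate's issuer name with the next certificate's subject name, and reports any private key block. The sample certificates are constructed, name-only stand-ins, and `chain_findings`, `issuer_subject` and the other helper names are hypothetical.

```python
import base64, re
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def tlv(buf, pos):  # read one DER element at pos; return (content_start, end)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def issuer_subject(cert):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    pos, _ = tlv(cert, 0)          # Certificate SEQUENCE
    pos, tbs_end = tlv(cert, pos)  # TBSCertificate SEQUENCE
    fields = []
    while pos < tbs_end:
        _, end = tlv(cert, pos)
        fields.append(cert[pos:end])
        pos = end
    v = fields[0][0] == 0xA0       # optional [0] version shifts the indexes by one
    return fields[2 + v], fields[4 + v]  # serial, sigAlg, issuer, validity, subject

def chain_findings(bundle):
    """Check a concatenated PEM bundle for leaf-first, root-last name chaining."""
    blocks = PEM_RE.findall(bundle)
    out = [f"block {i}: {label} in bundle" for i, (label, _) in enumerate(blocks)
           if "PRIVATE KEY" in label]
    names = [issuer_subject(base64.b64decode(b)) for label, b in blocks
             if label == "CERTIFICATE"]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:  # names only; signatures are not verified
            out.append(f"cert {i} is not issued by cert {i + 1}")
    if names and names[-1][0] != names[-1][1]:
        out.append("last cert is not self-issued (root missing or not last)")
    return out

# Constructed stand-ins: certificate-shaped DER holding only names, not real certs.
def der(tag, *parts):  # short-form length only, so bodies stay under 128 bytes
    return bytes([tag, len(b"".join(parts))]) + b"".join(parts)
def name(cn):
    return der(0x30, der(0x31, der(0x30, b"\x06\x03\x55\x04\x03", der(0x0C, cn.encode()))))
def fake_cert(subject, issuer):
    tbs = der(0x30, der(0xA0, b"\x02\x01\x02"), b"\x02\x01\x01", der(0x30),
              name(issuer), der(0x30), name(subject))
    pem = base64.encodebytes(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{pem}-----END CERTIFICATE-----\n"

LEAF, ROOT = fake_cert("leaf.example", "Example CA"), fake_cert("Example CA", "Example CA")
print(chain_findings(ROOT + LEAF))  # wrong order: both ordering findings are reported
```

Whether a private key or the root belongs in the file at all depends on the application, as the reply above says; the findings only describe what the bundle contains.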


