Generating a p7b certificate chain with openssl

In our project we sometimes need to check whether a certificate belongs to a legitimate holder, which means verifying the certificate against its certificate chain. Sometimes, for other reasons, no certificate chain is available. The following describes how to generate a p7b certificate chain.

First, suppose we have a first-level root certificate root01.cer, a second-level root certificate root02.cer, and the certificate that needs to be verified, user.cer.

Step one:

If the certificates needed to build the chain are DER-encoded, convert them to PEM. This can be done with the openssl command, as follows:

# DER to PEM
# Convert the first-level root
openssl x509 -inform DER -in root01.cer -outform PEM -out root01.pem
# Convert the second-level root
openssl x509 -inform DER -in root02.cer -outform PEM -out root02.pem

Step two:

Combine the PEM certificates into a p7b certificate chain, as follows:

# Build the p7b
openssl crl2pkcs7 -certfile root01.pem -certfile root02.pem -outform DER -out root.p7b -nocrl

The resulting root.p7b is the certificate chain we need.
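
One way to check the result, as an added example that is not part of the original post: the script builds a constructed throwaway PKI (root01 -> root02 -> user; all names and keys are samples), repeats the two steps above, and confirms that root.p7b holds both CA certificates. It goes one step beyond the page by pinning root01 as the only trust anchor and passing the p7b contents as untrusted intermediates when verifying user.cer; the function names are made up for this example.

```bash
set -eu

# Constructed throwaway PKI: root01 (self-signed) -> root02 -> user, written as
# DER .cer files like those on the page. Keys and subject names are samples.
make_test_certs() (
  cd "$1"
  echo 'basicConstraints=critical,CA:TRUE' > ca.ext
  for n in root01 root02 user; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
      -subj "/CN=Example $n" -out "$n.csr" 2>/dev/null
  done
  openssl x509 -req -in root01.csr -signkey root01.key -extfile ca.ext \
    -days 2 -outform DER -out root01.cer 2>/dev/null
  openssl x509 -req -in root02.csr -CA root01.cer -CAform DER -CAkey root01.key \
    -CAcreateserial -extfile ca.ext -days 2 -outform DER -out root02.cer 2>/dev/null
  openssl x509 -req -in user.csr -CA root02.cer -CAform DER -CAkey root02.key \
    -CAcreateserial -days 2 -outform DER -out user.cer 2>/dev/null
)

# The page's two steps: DER -> PEM, then bundle both CA certificates.
build_p7b() (
  cd "$1"
  openssl x509 -inform DER -in root01.cer -outform PEM -out root01.pem
  openssl x509 -inform DER -in root02.cer -outform PEM -out root02.pem
  openssl crl2pkcs7 -certfile root01.pem -certfile root02.pem \
    -outform DER -out root.p7b -nocrl
)

# Print how many certificates a DER-encoded p7b contains.
count_p7b_certs() {
  openssl pkcs7 -inform DER -in "$1" -print_certs | grep -c -e '-----BEGIN CERTIFICATE-----'
}

# Verify user.cer with root01 as the only trust anchor. If $2 names a p7b, its
# certificates are supplied as untrusted intermediates; the bundle grants no trust.
verify_user() (
  cd "$1"
  openssl x509 -inform DER -in user.cer -outform PEM -out user.pem
  if [ -n "${2:-}" ]; then
    openssl pkcs7 -inform DER -in "$2" -print_certs -out chain.pem
    openssl verify -CAfile root01.pem -untrusted chain.pem user.pem
  else
    openssl verify -CAfile root01.pem user.pem
  fi >/dev/null 2>&1
)

workdir=$(mktemp -d)
make_test_certs "$workdir"; build_p7b "$workdir"
echo "certificates in root.p7b: $(count_p7b_certs "$workdir/root.p7b")"
verify_user "$workdir" root.p7b && echo "user.cer verifies with root.p7b"
verify_user "$workdir" || echo "user.cer fails without the intermediate"
```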

Summary

In short, generating a certificate chain from the certificates is done mainly with openssl commands. The commands are as follows:

# DER to PEM
openssl x509 -inform DER -in test.cer -outform PEM -out test.pem
# Build the p7b
openssl crl2pkcs7 -certfile secondRoot.pem -certfile Root.pem -outform DER -out second.p7b -nocrl

Origin blog.csdn.net/u012198553/article/details/78698992