On 13.12.2015 11:34, Ben Humpert wrote: > 2015-12-13 3:53 GMT+01:00 Viktor Dukhovni<openssl-users at dukhovni.org>: >> In other words, you can concatenate all the trusted root CA >> certs into the "cert.pem" file in that directory, but this >> has a performance cost, as all the certificates are loaded >> into memory and parse even though most go unused. Alternatively, > The problem with concatenating certs into one file is that at least > Windows does not understand that format and just reads the first > certificate but ignores all following. > then create a pkcs7 container openssl crl2pkcs7 -nocrl -certfile cert1.pem -certfile cert2.pem -certfile cert3.pem -out bundle.p7b -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4312 bytes Desc: S/MIME Cryptographic Signature URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151213/b9c0c92f/attachment-0001.bin>
