2015-12-13 22:57 GMT+01:00 Salz, Rich <rsalz at akamai.com>: > >> And we don't know on which client OP will have to use that pem file, thus >> give advise that works on all clients, not just OpenSSL or GnuTLS or whatever. > > It is quite reasonable to give openssl-specific answers on the openssl-users mailing list, isn?t it? All given answers are openssl-specific (OP uses OpenSSL to CREATE the bundle but likely not to READ / USE the created bundle). You are intelligent enough to understand the difference, aren't you? The problem with Viktor Dukhovni is that he acts like THE AUTHORITY; saying all other given answers are wrong (actually none is). Additionally his solution is complicated and only works with OpenSSL. Since Windows, Mac, GnuTLS, OpenSSL, Android, iPhone, etc. understand a pkcs7 container and since nobody knows on what clients the bundle will be used Walter Hs answer is the best solution. You know encryption but obviously not that there is a world beyond OpenSSL. And as I already wrote: If you want to use the bundle on Windows you CANNOT simply concatenate all the certs into one certs.pem because Windows (and various other Operating Systems) does not understand that format.
