Generally speaking, OpenSSL hasn't exactly encouraged multiple objects
in one DER file. While it's theoretically possible to have several
objects in such a file file, there is code in OpenSSL where that's
simply not considered. For example, this snippet in the man-page
'X509_LOOKUP_file' is quite clear:
Functions X509_load_cert_file and X509_load_crl_file can load both PEM
and DER formats depending of type value. Because DER format cannot
contain more than one certificate or CRL object (while PEM can contain
several concatenated PEM objects) X509_load_cert_crl_file with
FILETYPE_ASN1 is equivalent to X509_load_cert_file.
The functions described there are also used by functions like
X509_LOOKUP_load_file().
Note that this may change going forward, as OSSL_STORE is gradually
entering the scene, and does provide a bit better flexibility in this
regard.
(We have recently added an X509_LOOKUP variant that uses OSSL_STORE
for its object retrieval, see the section 'OSSL_STORE Method' in
doc/man3/X509_LOOKUP_hash_dir.pod in recent OpenSSL source, such as
the alpha releases)
Cheers,
Richard
On Fri, 22 May 2020 00:53:39 +0200,
paul h. roubekas wrote:
> I am a complete newbie to this list.
>
> I wanted to search the archive but found no such page.
>
> I have a requirement to convert all certs in a *.p12 file to a *.der file for use in the curl
> command.
>
> The first hop to a *.pem file has all the certs.
>
> But the second hop only has one cert. The I read the docs but found nothing that looked even
> close.
>
> Hop 1
>
> openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem -password {redacted}
>
> Hop 2
>
> openssl x509 -outform der -in ww_temp.pem -out ww_temp.der
>
> The Question) How do I get all the certs in the .der file?
>
>
--
Richard Levitte levitte@xxxxxxxxxxx
OpenSSL Project http://www.openssl.org/~levitte/
