Generally speaking, OpenSSL hasn't exactly encouraged multiple objects in one DER file. While it's theoretically possible to have several objects in such a file file, there is code in OpenSSL where that's simply not considered. For example, this snippet in the man-page 'X509_LOOKUP_file' is quite clear: Functions X509_load_cert_file and X509_load_crl_file can load both PEM and DER formats depending of type value. Because DER format cannot contain more than one certificate or CRL object (while PEM can contain several concatenated PEM objects) X509_load_cert_crl_file with FILETYPE_ASN1 is equivalent to X509_load_cert_file. The functions described there are also used by functions like X509_LOOKUP_load_file(). Note that this may change going forward, as OSSL_STORE is gradually entering the scene, and does provide a bit better flexibility in this regard. (We have recently added an X509_LOOKUP variant that uses OSSL_STORE for its object retrieval, see the section 'OSSL_STORE Method' in doc/man3/X509_LOOKUP_hash_dir.pod in recent OpenSSL source, such as the alpha releases) Cheers, Richard On Fri, 22 May 2020 00:53:39 +0200, paul h. roubekas wrote: > I am a complete newbie to this list. > > I wanted to search the archive but found no such page. > > I have a requirement to convert all certs in a *.p12 file to a *.der file for use in the curl > command. > > The first hop to a *.pem file has all the certs. > > But the second hop only has one cert. The I read the docs but found nothing that looked even > close. > > Hop 1 > > openssl pkcs12 -chain -in trust.p12 -out ww_temp.pem -password {redacted} > > Hop 2 > > openssl x509 -outform der -in ww_temp.pem -out ww_temp.der > > The Question) How do I get all the certs in the .der file? > > -- Richard Levitte levitte@xxxxxxxxxxx OpenSSL Project http://www.openssl.org/~levitte/