application/pkix-pkipath
-Kyle H
Defined in RFC4366 (section 8) and RFC6066 (section 10.1)
PkiPath ::= SEQUENCE OF Certificate
Within the sequence, the order of certificates is such that the subject of the first certificate is the issuer of the second certificate, etc.
(It's also defined in ITU-T Recommendation X.509(2000) Corrigendum 1(2001) | ISO/IEC 9594-8:2001/Cor.1:2002, Technical Corrigendum 1 to ISO/IEC 9594:8:2001. However, the assignment of the application/pkix-pkipath identifier was done in RFC4366 and RFC6066.)
On Fri, May 22, 2020, 13:57 Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
On Thu, May 21, 2020 at 06:53:39PM -0400, paul h. roubekas wrote:
> I have a requirement to convert all certs in a *.p12 file to a *.der file
> for use in the curl command.
Perhaps I can crystallise some of the replies for you. The basic issue
is that **DER is not a file format**, rather:
* DER is a binary encoding for a single data structure (object, a.k.a.
PDU or Protocol Data Unit), generally used only for objects with a
standardised ASN.1 schema.
One can of course write a DER serialised data structure to a file,
transmit it in a network packet, ...
But, what one can't do (in contrast with PEM) is just concatenate
multiple DER objects together to get a meaningful multi-object store.
For that, you need a standardised container structure that can be
written in DER form, that *internally* holds multiple objects.
Ideally, something less bletcherous than PKCS#12 (inflicted on humanity
by some sadistic deity as punishment for ancestral sins).
--
Viktor.
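
The two points made in this thread, that concatenated DER objects are not a container while PkiPath (a SEQUENCE OF Certificate) is, shown as an added example that is not part of either message. The function names are hypothetical, the "certificates" are constructed stand-in DER SEQUENCEs rather than real X.509, and the subject/issuer ordering is not checked.

```python
def der_len(n: int) -> bytes:
    """Encode a DER definite length (short or minimal long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def read_tlv(buf: bytes, off: int):
    """Return (tag, end_offset) of the TLV at off, enforcing DER length rules."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first, pos = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if buf[pos] == 0 or length < 0x80:
            raise ValueError("non-minimal length, not DER")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, pos + length

def build_pkipath(certs) -> bytes:
    """Wrap already-encoded certificates in one outer SEQUENCE (tag 0x30)."""
    body = b"".join(certs)
    return b"\x30" + der_len(len(body)) + body

def split_pkipath(blob: bytes):
    """Return the member encodings of a PkiPath, rejecting trailing bytes."""
    tag, end = read_tlv(blob, 0)
    if tag != 0x30 or end != len(blob):
        raise ValueError("not exactly one outer SEQUENCE")
    off = 2 if blob[1] < 0x80 else 2 + (blob[1] & 0x7F)
    members = []
    while off < end:
        tag, nxt = read_tlv(blob, off)
        if tag != 0x30:
            raise ValueError("member is not a SEQUENCE")
        members.append(blob[off:nxt])
        off = nxt
    return members

# Constructed stand-ins for certificates (valid DER SEQUENCEs, not real X.509).
CERT_A = b"\x30\x03\x02\x01\x01"
CERT_B = b"\x30" + der_len(203) + b"\x04\x81\xc8" + bytes(200)
```

Feeding `CERT_A + CERT_B` to `split_pkipath` raises `ValueError`, because a DER reader sees one complete object followed by trailing bytes.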