Menu
▾
▴
Re: [Ejbca-develop] Getting CA certificates in PKCS#7
|
From: ejbca-support <ejb...@pr...> - 2012-09-05 12:57:11
|
On 2012-09-05 11:09, Julien PASQUIER wrote: > Hello, > > I would like to specify in the AIA (Authority Information Access) extension of an end entity certificate the URL of a PKCS#7 file containing CA certificates (issuer of the end entity and parent's certificates up to the root CA). It seems to be that EJBCA is able to get CA certificates in PEM but not in PKCS#7 "certs-only" which is required by the RFC 5280 (page 49): > > Where the information is available via HTTP or FTP, accessLocation > MUST be a uniformResourceIdentifier and the URI MUST point to either > a single DER encoded certificate as specified in [RFC2585] or a > collection of certificates in a BER or DER encoded "certs-only" CMS > message as specified in [RFC2797]. > > How can I get CA certificates in CMS/PKCS#7 "certs-only" from EJBCA ? I don't know either but OpenSSL seems to be what you are looking for: http://langui.sh/2009/03/20/creating-a-pkcs7-p7b-using-openssl Cheers, Anders tech support > > Regards, > Julien > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
