I'm trying to install an SSL certificate for a Java servlet framework. I have 3 files: the private key (PEM), certificate file (PEM) and CA bundle (PEM). When I run:
openssl pkcs12 -export -in server.crt -inkey server.key -certfile server.crt -out server.p12 -CAfile server.ca-bundle -chain
…in order to get the p12
file that I can use to create the Java keystore, it fails with the following error:
Error unable to get issuer certificate getting chain.
Elsewhere, I have successfully setup 2 apache servers using the same key, certificate and CA bundle files and there are no problems. Why might I be getting this error?
Best Answer
I found (the|a) solution to this problem on this blog post. From the post:
...which is:
...then use
allcacerts.crt
(or whatever you call it) as the parameter to the-CAfile
option in the openssl command.