Reputation: 999
I already found a thread with a similar topic but I wasn't able to solve my problem this way, so I hope I get help here.
I'm trying to sign an iPhone config profile with my server's SSL certificate on Mac OS X:
openssl smime -sign -in company.mobileconfig -out signed.mobileconfig -signer server.crt -inkey server.key -certfile ca.crt -outform der -nodetach
Unfortunately I get the following error
unable to load certificate
I don't know what I'm doing wrong - I use the following certs:
server.crt:
-----BEGIN CERTIFICATE-----
MIIHV.....
-----END CERTIFICATE-----
server.key:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC, .....
sHK1......
-----END RSA PRIVATE KEY-----
ca.crt: from http://www.startssl.com/certs/
All certificates are in the same folder 'iphone' I changed to with
cd /Volumes/Daten/.../iphone
So now I'm on
localhost:iphone Stefan$
Many thanks for your help in advance!
Regards Stefan
Upvotes: 3
Views: 1669
Reputation: 3736
Let's imagine that you are using Let's Encrypt; you might get certificate.pem, privatekey.pem, chain.pem, fullchain.pem.
-signer should be certificate.pem which is the certificate of the server.
-inkey should be private.key of the server.
-certfile should be fullchain.pem
The chain.pem is the certificate chain including CA ROOT without certificate.pem, while fullchain.pem includes everything.
Upvotes: 1
Reputation: 999
The answer is:
openssl smime -sign -signer cert.pem -inkey key.pem -certfile ca-bundle.pem -nodetach -outform der -in profile-uns.mobileconfig -out profile-sig.mobileconfig
where ca-bundle.pem is the cert chain of a CA.
Upvotes: 3
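As an added example (not code from the posts above), these shell functions wrap the signing command from the answer with a parse check on each certificate input, since "unable to load certificate" is OpenSSL reporting a certificate file it could not parse, and then verify the signed profile. The throwaway CA, the leaf certificate, the function names and the sample profile are constructed for the demo; the demo key is generated unencrypted so nothing prompts for a passphrase.

```shell
#!/bin/sh
# Added example: every file created here is constructed demo material.

# check_cert FILE: succeed only if OpenSSL can parse FILE as an X.509 certificate.
check_cert() {
    openssl x509 -in "$1" -noout 2>/dev/null
}

# sign_profile CERT KEY CHAIN IN OUT: same flags as the command in the answer,
# but refuses to run when a certificate input does not parse.
sign_profile() {
    check_cert "$1" || { echo "cannot parse signer cert: $1" >&2; return 2; }
    check_cert "$3" || { echo "cannot parse chain file: $3" >&2; return 3; }
    openssl smime -sign -signer "$1" -inkey "$2" -certfile "$3" \
        -nodetach -outform der -in "$4" -out "$5"
}

# verify_profile CA IN OUT: check signature and chain against CA and
# write the embedded (unsigned) payload to OUT.
verify_profile() {
    openssl smime -verify -inform der -CAfile "$1" -in "$2" -out "$3" 2>/dev/null
}

# make_demo DIR: create a constructed CA, leaf cert/key, sample profile
# and a deliberately broken "certificate" inside DIR.
make_demo() {
    ( cd "$1" || exit 1
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
          -keyout ca.key -out ca-bundle.pem 2>/dev/null
      openssl req -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
          -keyout key.pem -out leaf.csr 2>/dev/null
      openssl x509 -req -in leaf.csr -CA ca-bundle.pem -CAkey ca.key \
          -CAcreateserial -days 1 -out cert.pem 2>/dev/null
      printf '<plist><dict/></plist>\n' > profile-uns.mobileconfig
      printf 'not a certificate\n' > broken.pem )
}
```

Run make_demo on an empty directory, then call sign_profile and verify_profile from inside it; passing broken.pem as the signer shows the check failing before OpenSSL is asked to sign.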