使用 SPC 文件在 Linux 上签名文件
我有一个 .key 文件,从中生成了一个 .csr 文件,我用该文件购买了 GoDaddy 代码签名证书。我从 GoDaddy 收到了一个 .spc 文件。
我使用以下命令将 spc 文件导出到 pem:
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out certs.pem
然后打开 certs.pem 文件并将前两个证书复制到名为 cert-chain.crt 的文件,将最后一个(这是我的)复制到名为 server.crt 的文件。
我尝试使用以下命令对文件进行签名:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -outform der -nodetach
但我得到的是:
unable to load certificate
11911:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-41/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
我做错了什么?我通常应该如何使用提供的 SPC 文件签署 a.mobileconfig 文件?
I have one .key file from which I generated a .csr file that I used to purchase a GoDaddy code signing certificate. From GoDaddy I received one .spc file.
I exported the spc file to pem with the following command:
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out certs.pem
I then opened the certs.pem file and copied the first two certificates to a file called cert-chain.crt and the last one (which is mine) to one called server.crt.
I tried to sign the file like with this command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -outform der -nodetach
But what I got is:
unable to load certificate
11911:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-41/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
What am I doing wrong? How should I normally sign the a.mobileconfig file with the provided SPC file?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您的证书采用 DER 格式,但 openssl 采用 PEM 格式。您应该将
-inform der添加到命令中:Your certificate is in DER format, but openssl is assuming PEM format. You should add
-inform derto the command: