I have one .key file from which I generated a .csr file that I used to purchase a GoDaddy code signing certificate. From GoDaddy I received one .spc file.
I exported the spc file to pem with the following command:
openssl pkcs7 -inform DER -in mycert.spc -print_certs -out certs.pem
I then opened the certs.pem file and copied the first two certificates to a file called cert-chain.crt and the last one (which is mine) to one called server.crt.
I tried to sign the file like with this command:
open开发者_开发问答ssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -outform der -nodetach
But what I got is:
unable to load certificate
11911:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-41/src/crypto/pem/pem_lib.c:648:Expecting: TRUSTED CERTIFICATE
What am I doing wrong? How should I normally sign the a.mobileconfig file with the provided SPC file?
Your certificate is in DER format, but openssl is assuming PEM format. You should add -inform der to the command:
openssl smime -sign -in a.mobileconfig -out signed_a.mobileconfig -signer cert/server.crt -inkey cert/ios_apn.key -certfile cert/cert-chain.crt -inform der -outform der -nodetach
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论