in the event of an expiring trust chain due to a cross signed root or intermediate, you may have an expiring chain installed and need to replace it (like with theAddTrust root expiration) withSectigo. To update the trust chain for a given alias in a pkcs12 keystore...
在 创建用于访问系统信息库的客户机证书 中创建的 PEM 证书将运行以使用 pkg 客户机访问安全的系统信息库。但是,要访问浏览器用户界面 (browser user interface, BUI),必须将证书和密钥转换为 Firefox 可以导入的格式。Firefox 接受 PKCS12 密钥库。
Create a PFX/P12 file with only certificates ("other_certificates") Try to parse the file or run the export again over the same file openssl_pkcs12:path:"{{ truststore_path }}"name:truststoreother_certificates:"{{ cacert_path }}"
So using a PKI with the structure root->intermediate->leaf and using a CA like step-ca it will make sense to create pkcs#12 certificate like: step ca certificate mariano@smallstep.com mariano.crt mariano.key step certificate p12 mariano.crt mariano.key --ca $(step path)/certs/root_ca....
Message="The specified PKCS#12 X.509 certificate content can not be read. Please check if certificate is in valid PKCS#12 format." Happy to try out the TF logging, if someone can give me pointers on how to set it up TF_LOG=TRACE did not work for me. 👍 1 vermegi commented Oct...