Adding certificate chain to p12(pfx) certificate

Question

I have aplication in java and cxf which connects to WebServices with client certificate.

I got certificates form WebService owner

• certificate.p12

Answer 1

Own answer.

I figured out how to do this with OpenSSL:

openssl pkcs12 -in certificate.p12 -out clientcert.pem -nodes -clcerts
openssl x509 -in trusted_ca.cer -inform DER -out trusted_ca.pem
openssl x509 -in root_ca.cer -inform DER -out root_ca.pem
cat clientcert.pem trusted_ca.pem root_ca.pem >> clientcertchain.pem
openssl pkcs12 -export -in clientcertchain.pem -out clientcertchain.pfx

Answer 2

If you are working in Windows OS, you can install the certificate as usual through the IIS, then open mmc.exe -> File -> Add / Remove Snap In -> Double click on "Certificates" Select "Computer Account", next, finish, OK.

Expand certificates, if needed add the certificates from the CA into "Intermediate Certification Authorities" or "Trusted Root Certification Authorities".

Then go to "Web Hosting", here must be your webSite certificates, select the certificate, left click on it, select Export and follow the wizard, the important things to check are "Include Private Key", Include all certificates on the chain, export all extended properties, you must set a password, select the output flie name and this is it. Now you have a certificate with the complete chain on it. No more problems with Facebook or similar.