> Using NSS PKCS12 API, is there any way to generate a p12 file that > includes just the personal certificate and the key I want, keeping > the intermediate and root CAs for that cert away of the file?
Yes, AFAICT. You can't use SEC_PKCS12AddCertAndKey(), however, because this will unconditionally add the chain. What you would do instead is call SEC_PKCS12AddCert() and SEC_PKCS12AddKeyForCert() separately, and call the former with "includeCertChain" set to PR_FALSE. The code in pk12util might be useful as a starting point - see http://mxr.mozilla.org/mozilla/source/security/nss/cmd/pk12util/pk12util.c#596. Kaspar _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
