[Help-gnutls] Exporting a PKCS#12 structure without the private key

[Fabian Fagerholm]

Hi!

I've created a PKCS#12 file using gnutls certtool to distribute a
certificate to some clients. However, it seems that certtool includes
both the certificate and the private key in that file. But I absolutely
do not want to distribute the key, only the certificate.

From rom rom reading the OpenSSL mailing lists, I've learned that PKCS#12 files
typically include both the certificate and the private key, but that it
isn't stricly neccessary. A development version of OpenSSL can generate
PKCS#12 files with either only the certificate or only the key. This
option was not available before, because some programs had trouble
handling such files.

I also read that the certificate might be put into a PKCS#7 structure
and the key in a PKCS#8 structure, but I have no idea if these formats
are supported anywhere. Certtool seems to support PKCS#8 keys, but I
don't know how that is going to help.

Can certtool be used to put only the certificate into a PKCS#12
structure? Or is there another format besides PEM that would allow me to
distribute only the certificate?

Please Cc me on replies, I'm not subscribed to help-gnutls.

Many thanks,
-- 
Fabian Fagerholm <address@hidden>

signature.asc
Description: This is a digitally signed message part