Load multiple certificates from one PEM file

[xionglingfeng]

I am playing pyOpenSSL with a multi-level PKI. My purpose is to generate and sign a CSR with a L2 CA, and output the sgined certificate chain.

Files I have:

ca.key : Private key for L2 CA
ca.crt : Certificate chain for L2 CA

I load L2 CA certificate by

with open('ca.crt', 'r') as f:
    cacrt = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())

But cacrt contains only one certificate (L2 CA certificate), the certificate of Root CA is missing. Is there anyway to get it?

[hynek]

I think load_certificate() loads only one (presumably the first) certificate.

I guess what you want is OpenSSL.SSL.Context.use_certificate_chain_file?

For splitting pem files you may want to look at https://github.com/hynek/pem .

[xionglingfeng]

@hynek Thank you very much for the information :-) BTW: Since openssl command line tool has the ability to parse PEM files with multiple certificates, doesn't its development library offer such interface?

[hynek]

I’m not sure although the current plan is to make pyOpenSSL consume directly cryptography’s x509 objects: #439.

[karthikrao-23]

how can I install https://github.com/hynek/pem with yum ? Seems there is no package in yum for this yet.

[hynek]

I have no information whether or not Red Hat (or debian for that matter) has – or intends to – packaged pem.