0

I purchase a certificate to sign PDF from a supplier. They delivered 3 files: mycert.cer, ca.cer and root.cer. I need to create a p12 file from it. But i have no success doing this. I tried:

openssl pkcs12 -export -in mycert.cer -nokeys -out finnal.p12 -certfile ca.cer -certfile root.cer

It asks for a export password and it creates the p12 file. Then i tried to use it to sign a PDF using PortableSigner2:

But it gives an error: 

Position V:0.0 L:0.0 R:0.0
Error reading certificate (no key)
    null

I also tried to use the Portecle to export to p12. Again does not give any error but when i try to use the p12 to sign, it gives errors.

Anyone can help me doing this task? Thank you.

Kaf
  • 169
  • 9
  • 4
    You created a PKCS12 file, without privatekey. **Signing requires the privatekey.** The normal process is (1) you generate the privatekey, (2) you extract the publickey in the form of a CSR, (3) you use the CSR to obtain a certificate (plus its chain), (4) you use the privatekey from 1 together with the certs from 3. You failed to tell us about your step 1. – dave_thompson_085 Nov 27 '19 at 08:01
  • you are right! I forgot that. I changed the comand to: openssl pkcs12 -export -in mycert.cer -inkey my.key -out finnal.p12 -certfile ca.cer -certfile root.cer, and it work well. Just one doubt: i sign the pdf and check it with pdfsig. All return okay except this: Certificate Validation: Unknown issue with Certificate or corrupted data. Might be something with the root.cer or ca.cer? – Kaf Nov 27 '19 at 18:32
  • All problems went away when i used jsignpdf. All the details of the signed pdf were crrect. Thank you. – Kaf Dec 03 '19 at 17:06

0 Answers0