Format a PKI certificate chain
This topic describes how to combine multiple DER-encoded and PEM certificates into a single file.
Start this task
If you use more than one certificate, follow this procedure to combine them into a single file.
- Convert DER-encoded root and intermediate certificates (with .cer, .crt extension) into PEM format. Use the following openssl command: openssl x509 -inform der -in $input-cert-file-name -out $out-cert-file-name-with-pem-extension
- Concatenate all the PEM certificates into a single file. Ensure that the root certificate is the last one in the list. Use the following command: cat $intermediate-cert-file-1 ... $intermediate-cert-file-N $root-cert-file-with-pem-extension > trust-chain.pem
- Upload trust-chain.pem when you create the Smart Card IdP. Ensure that no other Smart Card IdPs exist.