Cannot generate Apple Passbook signature

Question

I am writing a shell script to automatically generate an Apple Passbook signature file from manifest.json using p12 certificate. Here is what I do:

openssl pkcs12 -passin pass:"mypass" -in "mycert.p12" -clcerts -nokeys -out certificate.pem
openssl pkcs12 -passin pass:"mypass" -in "mycert.p12" -nocerts -out key.pem
openssl smime  -passin pass:"mypass" -binary -sign -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER

The first two functions work fine. At least both certificate.pem and key.pem are created. The signature file is also created, but for some reason it is empty (0 bytes), although manifest.json is not empty, as well as certificate and key. How can this happen, and how can I fix it?

Answer 1

I have solved this problem. Apparently, I also need WWDR.pem certificate to do this. This is how it worked:

openssl pkcs12 -passin pass:"somepass" -in "mycert.p12" -clcerts -nokeys -out certificate.pem
openssl pkcs12 -passin pass:"somepass" -in "mycert.p12" -nocerts -out key.pem -passout pass:"somepass"
openssl smime -binary -sign -certfile WWDR.pem -signer certificate.pem -inkey key.pem -in manifest.json -out signature -outform DER -passin pass:"somepass"