PKCS12 is a pkcs version 12.
PKCS12 (ie p12 extension) is intended to store both:
- the private key
It has the capability of being password protected to provide some protection to the keys.
PFX was the predecessor of PKCS#12.
PKCS#12 files are used by client application such as:
A PKCS#12 file can be created by using the -export option
- a server certificate and the required intermediates in one PEM file
- and private key
openssl pkcs12 -export -in www-example-com.crt -inkey www-example-com.key -out www-example-com.p12
The format becomes a base 64 hash of pkcs12.
openssl pkcs12 \
-in /opt/truststore.pkcs12 \
-nodes \ # Don't encrypt private keys
-out /opt/truststore.pem \