Cryptography - PKCS12

About

Cryptography - PKCS (Public Key Cryptography Standards)

PKCS12 (ie p12 extension) is intended to store both:

It has the capability of being password protected to provide some protection to the keys.

PFX was the predecessor of PKCS#12.

Management

Help

with Openssl See openssl pkcs12 –help. You can add a chain

Creation

A PKCS#12 file can be created by using the -export option

With

  • a server certificate and the required intermediates in one PEM file
  • and private key
openssl pkcs12 -export -in www-example-com.crt -inkey www-example-com.key -out www-example-com.p12

To Pem

Privacy-Enhanced Mail (PEM) (OpenSsh key format)

openssl pkcs12 \
    -in /opt/truststore.pkcs12 \
    -nodes \  # all entries
    -out /opt/truststore.pem \
    -passin 'pass:YourPassword'

Powered by ComboStrap