About
PKCS12 is a pkcs version 12.
PKCS12 (ie p12 extension) is intended to store both:
- the private key
It has the capability of being password protected to provide some protection to the keys.
PFX was the predecessor of PKCS#12.
PKCS#12 files are used by client application such as:
- browser such as Chrome, Netscape, MSIE
- or email client such as MS Outlook.
Management
Chain
with Openssl (libcrypto) pkcs12 1), you can add a chain
Creation
A PKCS#12 file can be created by using the -export option
With
- a server certificate and the required intermediates in one PEM file
- and private key
openssl pkcs12 -export -in www-example-com.crt -inkey www-example-com.key -out www-example-com.p12
To Pem
Privacy-Enhanced Mail (PEM) (OpenSsh key format)
The format becomes a base 64 hash of pkcs12.
openssl pkcs12 \
-in /opt/truststore.pkcs12 \
-nodes \ # Don't encrypt private keys
-out /opt/truststore.pem \
-passin 'pass:YourPassword'