howtos:convert_pkcs12_format_certificate_to_pem_format_certificate
Differences
This shows you the differences between two versions of the page.
— | howtos:convert_pkcs12_format_certificate_to_pem_format_certificate [02/12/2018 21:34] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | If you have a certificate which appears to be in binary format, then you probably have a PKCS12 formatted file. While the PKCS12 format is used by Java KeyStores and Windows XP " | ||
+ | |||
+ | > openssl pkcs12 -in cred.p12 -out certkey.pem -nodes -clcerts | ||
+ | Enter Import Password: | ||
+ | MAC verified OK | ||
+ | > | ||
+ | |||
+ | First, an explanation of the command line options: | ||
+ | * -in - read in the PKCS12 formatted credential from the file cred.p12. | ||
+ | * -out - write out both the PEM formatted certificate and private key to the file certkey.pem. | ||
+ | * -nodes - an optional parameter NOT to encrypt the private key. If you cannot guarantee secure access to your private key, omit this command line option. | ||
+ | * -clcerts - output only client (user) certificates. | ||
+ | |||
+ | Next, some caveats of the interactive session: | ||
+ | * You will notice that the command outputs both the certificate and private key to a single file. If you open the certkey.pem file with a text editor, you will see something like this: | ||
+ | |||
+ | < | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIID1zCCA0CgAwIBAgIJAPznkOa+zeeLMA0GCSqGSIb3DQEBBQUAMIGkMQswCQYD | ||
+ | VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsG | ||
+ | A1UEChMETkNTQTEjMCEGA1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24x | ||
+ | GjAYBgNVBAMTEXd3dy5uY3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290 | ||
+ | QG5jYXMudWl1Yy5lZHUwHhcNMDYwMzAxMTkzMDMxWhcNMDcwMzAxMTkzMDMxWjCB | ||
+ | pDELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMQ8wDQYDVQQHEwZVcmJh | ||
+ | bmExDTALBgNVBAoTBE5DU0ExIzAhBgNVBAsTGlNlY3VyaXR5IFJlc2VhcmNoIERp | ||
+ | dmlzaW9uMRowGAYDVQQDExF3d3cubmNzYS51aXVjLmVkdTEhMB8GCSqGSIb3DQEJ | ||
+ | ARYScm9vdEBuY2FzLnVpdWMuZWR1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB | ||
+ | gQCy8/ | ||
+ | 50FsgFoMn4d0qhkBb6JwczJtJRPphZIvXTi0rrOzZpe0yTF17NWcc5XXn9M8MbR2 | ||
+ | jS97pjJ2AyclvOgGN/ | ||
+ | HQYDVR0OBBYEFA9U2p42HR64xIK3uK9TqsuBYkorMIHZBgNVHSMEgdEwgc6AFA9U | ||
+ | 2p42HR64xIK3uK9TqsuBYkoroYGqpIGnMIGkMQswCQYDVQQGEwJVUzERMA8GA1UE | ||
+ | CBMISWxsaW5vaXMxDzANBgNVBAcTBlVyYmFuYTENMAsGA1UEChMETkNTQTEjMCEG | ||
+ | A1UECxMaU2VjdXJpdHkgUmVzZWFyY2ggRGl2aXNpb24xGjAYBgNVBAMTEXd3dy5u | ||
+ | Y3NhLnVpdWMuZWR1MSEwHwYJKoZIhvcNAQkBFhJyb290QG5jYXMudWl1Yy5lZHWC | ||
+ | CQD855Dmvs3nizAMBgNVHRMEBTADAQH/ | ||
+ | oMVFtzp52pMZevxov9HyJNpuWHOP7y7WHmuYzigDy5vOqJgPki3w3hkdprIKKIb5 | ||
+ | 7UPwfEZxrW4WwklWllcYV2/ | ||
+ | HtceiR1JeNNVHL+Y53cXbP6qKh0TYn8xVQH3 | ||
+ | -----END CERTIFICATE----- | ||
+ | Bag Attributes | ||
+ | localKeyID: 9B 8A 85 AF 89 9D EB B0 73 3A F8 F1 D3 F7 88 09 22 47 7C E3 | ||
+ | Key Attributes: <No Attributes> | ||
+ | -----BEGIN RSA PRIVATE KEY----- | ||
+ | MIICXAIBAAKBgQCy8/ | ||
+ | / | ||
+ | c5XXn9M8MbR2jS97pjJ2AyclvOgGN/ | ||
+ | AoGATW7y9i8hNobCLiWgTT8LXcIZ8X+i6zGsTlgZ/ | ||
+ | DTUNxCtNy8SD0mF/ | ||
+ | DvmUEG2RsA7boELYza6jrHRwEgB2Sk03ArW4M5jrS+/ | ||
+ | eugQmQABfR86N81dE48bILNQlhDjbHlyedmMOmDBMqFEE2ayfb3EtHUoaZ81YHcE | ||
+ | 5aDDY8B1AkEAxW+Wy65LE2OnjIYjDSqHUrCpHxa6BrAS2OqYj0VSw1Fs5D4YHg/ | ||
+ | Ku41T5tOkeVsuwQcrGDhWR3+E4I2CTwKjQJARxjbl9nYxlvTZQkg7F0FLG+bTupk | ||
+ | SZ3Bnq1RZGLm/ | ||
+ | PJWU81GlqhMlcf8/ | ||
+ | mlmm/ | ||
+ | GjxDIISsFw71r2h7XdV70oFeJ/ | ||
+ | -----END RSA PRIVATE KEY----- | ||
+ | </ | ||
+ | |||
+ | While OpenSSL can handle both the certificate and the private key in a single file, it is often preferable to keep the two separate. There are two ways to make separate files for the certificate and the key. | ||
+ | |||
+ | | ||
+ | | ||
+ | |||
+ | > openssl pkcs12 -in cred.p12 -out cert.pem -nodes -clcerts -nokeys | ||
+ | Enter Import Password: | ||
+ | MAC verified OK | ||
+ | > openssl pkcs12 -in cred.p12 -out key.pem -nodes -nocerts | ||
+ | Enter Import Password: | ||
+ | MAC verified OK | ||
+ | > | ||
+ | |||
+ | * The " | ||
+ | * If you omit the -nodes command line option, you will also be prompted to "Enter PEM pass phrase" | ||
+ | |||
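Review bot: both extraction examples pass `-nodes` when the output contains the private key (`-out certkey.pem -nodes -clcerts` and `-out key.pem -nodes -nocerts`), so a reader who copies them gets an unencrypted key on disk. The only warning is inside the option list, where `-nodes` is described as optional. Suggest showing the key-writing commands without `-nodes` by default, or adding a step before them that restricts who can read the output file (for example running under `umask 077`), and repeating next to the `key.pem` command that the file is unprotected when `-nodes` is used. Separately, the text as added is incomplete in three places: the opening paragraph stops after `Windows XP "`, the two list items following "There are two ways to make separate files for the certificate and the key." are empty, and the last two bullets break off at an opening quote and after "Enter PEM pass phrase". As it stands the page never states the two ways it promises, so those lines need their missing text restored.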
howtos/convert_pkcs12_format_certificate_to_pem_format_certificate.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1