FreeKB - OpenSSL Create a PFX public / private key pair
OpenSSL - Create a PFX public / private key pair

A PFX (personal exchange format) file contains both private keys and public certificates. If you do not yet have OpenSSL installed on your Linux system, use apt-get or yum to install OpenSSL.

yum install openssl

 

Before creating the PFX file, you will first need to create the public certificate and private key. These articles describe how to create the public certificate and private key.

 

Let's say you've created the following files:

  • foo.crt (public certificate)
  • foo.key (private key)

 

The following command will create foo.pfx using the foo.crt public certificate and the foo.key private key.

openssl pkcs12 -export -in foo.crt -inkey foo.key -out foo.pfx

 


Display the content of the PFX file

The following OpenSSL command can be used to display the contents of the PFX file.

openssl pkcs12 -in foo.pfx -info -passin pass:your_password

 

Or the Java keytool command (if you have Java installed on your system).

keytool -list -v -keystore foo.pfx -storetype PKCS12 -storepass your_password

 


Alias name / Friendly name

If the -name option is not included when creating the PFX file, the Java keytool command will display the alias name as 1.

Alias name: 1

 

Or when displaying the content of the PFX file using OpenSSL, the PFX file will not include the friendlyName attribute.

Bag Attributes
    localKeyID: DA 2F E9 D0 48 CF 8D BE 2D 1A 9A 65 76 C5 2C 4C 21 04 E6 AA 
subject=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com
issuer=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com

 

The -name option can be used to define the alias name.

openssl pkcs12 -export -in foo.crt -inkey foo.key -out foo.pfx -name foo

 

Now when displaying the content of the PFX file using OpenSSL, the PFX file should include the friendlyName attribute.

Bag Attributes
    localKeyID: DA 2F E9 D0 48 CF 8D BE 2D 1A 9A 65 76 C5 2C 4C 21 04 E6 AA 
    friendlyName: foo
subject=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com
issuer=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com
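
The steps above combined into one script, as an added example that is not part of the original article: it builds foo.pfx with the -name option, reads the friendlyName back, and checks that the private key inside the PFX belongs to the certificate. It uses OpenSSL's file: password source instead of pass:, because pass: leaves the password visible in the process list and shell history. The function names, temporary directory, throwaway self-signed certificate and password are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original article). File names follow the article;
# the throwaway key, certificate and password below are constructed test data.
set -eu

# make_pfx <crt> <key> <out.pfx> <alias> <password-file>
make_pfx() {
    # file: keeps the export password out of argv and shell history (pass: does not)
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -name "$4" -passout "file:$5"
    chmod 600 "$3"   # the PFX carries the private key
}

# pfx_friendly_name <pfx> <password-file>: prints the alias, fails if none can be read
pfx_friendly_name() {
    name=$(openssl pkcs12 -in "$1" -nokeys -passin "file:$2" 2>/dev/null |
        sed -n -e 's/[[:space:]]*$//' -e 's/^ *friendlyName: //p')
    [ -n "$name" ] && printf '%s\n' "$name"
}

# pfx_key_matches_cert <pfx> <password-file>: true if the bundled key belongs to the cert
pfx_key_matches_cert() {
    cert_pub=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin "file:$2" 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    # -nodes decrypts the key into the pipe only; it is never written to disk
    key_pub=$(openssl pkcs12 -in "$1" -nocerts -nodes -passin "file:$2" 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

umask 077                                  # files created below are owner-only
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf '%s\n' 'constructed-demo-password' > "$work/pass.txt"
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=foo.example.com" \
    -keyout "$work/foo.key" -out "$work/foo.crt" 2>/dev/null

make_pfx "$work/foo.crt" "$work/foo.key" "$work/foo.pfx" foo "$work/pass.txt"
echo "alias: $(pfx_friendly_name "$work/foo.pfx" "$work/pass.txt")"
if pfx_key_matches_cert "$work/foo.pfx" "$work/pass.txt"; then
    echo "private key matches certificate"
fi
```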


Web design by yours truly - me, myself, and I   |   jeremy.canfield@freekb.net