
Before creating the PKCS12 file using OpenSSL, you will first need the public certificate and private key that will be stored in the PKCS12 file. Let's say you have the following files:
- example.com.cer (public certificate)
- example.com.key (private key)
If OpenSSL is not yet installed on your Linux system, it can be installed with the apt-get install command on a Debian system (Mint, Ubuntu) or with the dnf install or yum install command on a Red Hat system (CentOS, Fedora, Red Hat).
yum install openssl
The following command will create the PKCS12 file named keystore.p12 using the example.com.cer public certificate and the example.com.key private key.
openssl pkcs12 -export -in example.com.cer -inkey example.com.key -out keystore.p12
Display the content of the PKCS12 file
The following OpenSSL command can be used to display the contents of a PKCS12 file, here one named example.com.p12.
openssl pkcs12 -in example.com.p12 -info -passin pass:your_password
Alternatively, use the Java keytool command (if Java is installed on your system).
keytool -list -v -keystore example.com.p12 -storetype pkcs12 -storepass your_password
Alias name / Friendly name
If the -name option is not included when creating the PKCS12 file, the Java keytool command will show the alias name as 1 when displaying the content of the PKCS12 (PFX) file.
Alias name: 1
Likewise, when the content of the PKCS12 file is displayed using OpenSSL, the output will not include the friendlyName attribute.
Bag Attributes
localKeyID: DA 2F E9 D0 48 CF 8D BE 2D 1A 9A 65 76 C5 2C 4C 21 04 E6 AA
subject=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com
issuer=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com
The -name option can be used to define the alias name.
openssl pkcs12 -export -in example.com.cer -inkey example.com.key -out example.com.p12 -name foo.example.com
Now when displaying the content of the PKCS12 file using OpenSSL, the PKCS12 file should include the friendlyName attribute.
Bag Attributes
localKeyID: DA 2F E9 D0 48 CF 8D BE 2D 1A 9A 65 76 C5 2C 4C 21 04 E6 AA
friendlyName: foo.example.com
subject=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com
issuer=/C=US/ST=WI/L=Appleton/O=demo/OU=demo/CN=foo.example.com
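An added example (not from the original article) that checks the effect of -name end to end: it builds one PKCS12 file without -name and one with it from a throwaway self-signed certificate, then reads the friendlyName back. The helper names, temporary files and the P12_PASS variable are assumptions; the password is passed with OpenSSL's env: source instead of pass: so that it does not appear in the process argument list or shell history.

```shell
#!/bin/sh
# Added example. File names, P12_PASS and the helper names are assumptions.

# make_test_pair DIR: throwaway self-signed certificate and key (constructed input).
make_test_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=foo.example.com" \
        -keyout "$1/example.com.key" -out "$1/example.com.cer" 2>/dev/null
}

# export_p12 DIR OUT [NAME]: create the PKCS12 file, adding -name only when NAME
# is given. The password is read from the exported P12_PASS variable (env: source).
export_p12() {
    if [ -n "$3" ]; then
        openssl pkcs12 -export -in "$1/example.com.cer" -inkey "$1/example.com.key" \
            -out "$2" -passout env:P12_PASS -name "$3"
    else
        openssl pkcs12 -export -in "$1/example.com.cer" -inkey "$1/example.com.key" \
            -out "$2" -passout env:P12_PASS
    fi
}

# friendly_name FILE: print the certificate bag's friendlyName (empty if absent).
# Returns non-zero when the file cannot be read, for example on a wrong password,
# so "no alias set" is not confused with "could not open the file".
friendly_name() {
    bags=$(openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null) || return 1
    printf '%s\n' "$bags" | sed -n 's/^[[:space:]]*friendlyName:[[:space:]]*//p' | head -n 1
}

P12_PASS="constructed-demo-password"; export P12_PASS   # constructed, demo only
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_test_pair "$work"
export_p12 "$work" "$work/noname.p12"
export_p12 "$work" "$work/named.p12" foo.example.com
echo "without -name: friendlyName='$(friendly_name "$work/noname.p12")'"
echo "with -name:    friendlyName='$(friendly_name "$work/named.p12")'"
```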