OpenSSL certificate conversion PKCS#12 PEM

by on Feb.04, 2006, under OpenBSD

Convert a certificate from PEM format (.pem) to PKCS12 format (.p12)

To use a certificate for authentication or for encryption/decryption, you have to import it into your program’s certificate manager. The program could be a web browser, email client, or even something like a hard-coded encryption/decryption routine run from a script. Different programs, browsers, and mail clients require this certificate in differing formats. At some point, you will need to convert a certificate, unles you *love* spending all of your extra cash on commercial certificates.
Here’s the openssl command to convert your certificate from a PEM format to a PKCS12 format:

$ openssl pkcs12 -export
-out <em>file_name.p12</em>
-name "<em>My certificate</em>"
-inkey ~/.ssl/userkey.pem
-in ~/.ssl/usercert.pem

## Options Explanation ##
-out : The filename of your new certificate file in PKCS12 format.
-name : An arbitrary text name to differentiate this certificate from others.
-inkey : The path and the name of the file containing your private key
-in : The path and the name of the file containing your certificate.

Convert a certificate from PKCS12 format (.p12) to PEM format (.pem)

  • To export just your private key to ~/.ssl/userkey.pem

    $ openssl pkcs12 -nocerts -in cert.p12 -out ~/.ssl/userkey.pem

  • To export only your certificate to ~/.ssl/usercert.pem

    $ openssl pkcs12 -clcerts -nokeys -in cert.p12 -out ~/.ssl/usercert.pem

-in cert.p12 : the path and filename of your certificate in PKCS12 format.

Change the passphrase of the private key

$ openssl rsa -in ~/.ssl/userkey.pem -des3

Where ~/.ssl/userkey.pem is your private key
The openssl command will prompt for:
1. your old password
2. your new password
3. verification of your new password

Advertisement
:

Leave a Reply


Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

CryptedNets is proudly powered by

Entries (RSS) and Comments (RSS)
- Login

Visit our friends!

A few highly recommended friends...