Use this procedure to create a password-protected PKCS #12 file that contains one or more certificates.
Before you begin
In the following procedure, the openssl command is used to work with certificates. This command is included in the openssl package. To download this package, go to the OpenSSL website.
About this task
The following files are used in the procedure examples:
- root-ca.pem: Certificate of the CA that issued the sub-ca.pem file.
- sub-ca.pem: Certificate of the CA that issued the user.pem file.
- user.pem: Certificate of the user that was issued by the subordinate CA.
- user.key: Private key of the user certificate.
Procedure
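The following examples show how to create a password-protected PKCS #12 file that contains one or more certificates. In the commands, the alias and password values (for example, user alias and pkcs12 password) are placeholders for your own values. For more information about the openssl pkcs12 command, enter man pkcs12.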
- PKCS #12 file that contains one user certificate.
  openssl pkcs12 -export -in user.pem -caname "user alias" -nokeys -out user.p12 -passout "pass:pkcs12 password"
- PKCS #12 file that contains one user certificate and its private key.
  openssl pkcs12 -export -in user.pem -name "user alias" -inkey user.key -passin "pass:key password" -out user.p12 -passout "pass:pkcs12 password"
- PKCS #12 file that contains one CA certificate.
  openssl pkcs12 -export -in sub-ca.pem -caname "sub-ca alias" -nokeys -out sub-ca.p12 -passout "pass:pkcs12 password"
- PKCS #12 file that contains a trusted CA chain of certificates.
  cat sub-ca.pem root-ca.pem > ca-chain.pem
  openssl pkcs12 -export -in ca-chain.pem -caname "sub-ca alias" -caname "root-ca alias" -nokeys -out ca-chain.p12 -passout "pass:pkcs12 password"
- PKCS #12 file that contains a user certificate, user private key, and the associated CA certificate.
  openssl pkcs12 -export -in user.pem -name "user alias" -inkey user.key -passin "pass:key password" -certfile sub-ca.pem -caname "sub-ca alias" -out user_and_sub-ca.p12 -passout "pass:pkcs12 password"
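
The trusted CA chain case above, as an added example that is not part of the original page: it reads the PKCS #12 password from an owner-only file through openssl's file: password source instead of pass: on the command line, where it is visible in the process list, then checks that the bundle holds two certificates, no private key, and both aliases. The certificates are constructed self-signed stand-ins for sub-ca.pem and root-ca.pem, and pwfile and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: build ca-chain.p12 with the password kept out of argv, then
# inspect the result. All certificates and the password below are constructed.
set -eu
umask 077                      # keys and password file readable by owner only
cd "$(mktemp -d)"

make_test_cert() {             # $1 = file base name, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

build_ca_chain_p12() {         # $1 = output .p12, $2 = password file (hypothetical name)
    cat sub-ca.pem root-ca.pem > ca-chain.pem
    openssl pkcs12 -export -in ca-chain.pem -nokeys \
        -caname "sub-ca alias" -caname "root-ca alias" \
        -out "$1" -passout "file:$2"
}

dump_p12() {                   # $1 = .p12, $2 = password file; prints every bag as PEM
    openssl pkcs12 -in "$1" -nodes -passin "file:$2" 2>/dev/null
}
# grep -c prints 0 but exits non-zero on no match, hence "|| true" under set -e
count_certs() { dump_p12 "$1" "$2" | grep -c 'BEGIN CERTIFICATE' || true; }
count_keys()  { dump_p12 "$1" "$2" | grep -c 'BEGIN.*PRIVATE KEY' || true; }
has_alias()   { dump_p12 "$1" "$2" | grep -q "friendlyName: $3"; }

make_test_cert sub-ca  "Constructed Sub CA"
make_test_cert root-ca "Constructed Root CA"
printf '%s\n' 'constructed-demo-password' > pwfile   # first line is the password
build_ca_chain_p12 ca-chain.p12 pwfile

echo "certificates: $(count_certs ca-chain.p12 pwfile)"
echo "private keys: $(count_keys ca-chain.p12 pwfile)"
has_alias ca-chain.p12 pwfile "sub-ca alias"  && echo "alias present: sub-ca alias"
has_alias ca-chain.p12 pwfile "root-ca alias" && echo "alias present: root-ca alias"
```

A private-key count of zero is the property to confirm before distributing a bundle that is meant to carry trust anchors only.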