Export PKCS12 files to PEM format using OpenSSL

Not all applications use the same certificate format. Sometimes, it is necessary to convert between the different key / certificates formats that exist.

Some interesting resources online to figure that out are:
(a) OpenSSL’s homepage and guide
(b) Keytool’s user reference

In our scenario here we have a PKCS12 file which is a private/public key pair widely used, at least on Windows platforms. We want to convert to another format, namely PEM.

OpenSSL does that very nicely:

openssl pkcs12 -in alice.p12 -passin pass:password -out alice.pem

You will need to have openssl installed. It works on either Windows or Linux.

  • The -in option specifies what file to read the keys / certificates from. This is our PKCS12 file.
  • -passin lets the user specify the password protecting the source PKCS12 file.
  • The prefix pass: is what OpenSSL documentation calls a passphrase argument. It indicates that what follows the colon is the actual password value, in this case ‘password’.
  • -out indicates which file to save the result to (the result being in this case both the public and private keys of alice). The default output format is PEM so we don’t need to specify anything else.

The result of this command is printed hereafter. It asks the user for a password to protect the PEM file.

MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

You can use your favorite editor (VI, Notepad, or less) to view the contents of alice.pem which will look like

Bag Attributes
    localKeyID: 28 B5 8E 16 11 88 E9 00 58 D5 76 30 12 B9 59 B8 E4 CE 7C AA
subject=/C=UK/ST=Suffolk/L=Ipswich/O=Example plc/CN=alice
issuer=/C=UK/ST=Suffolk/L=Ipswich/O=Example plc/CN=Certificate Authority/emailAddress=ca@example.com
-----BEGIN CERTIFICATE-----
MIIDDzCCAfegAwIBAgIJAMkyzQVK88NHMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD
VQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMQ4wDAYDVQQHEwVLaXN0YTEQMA4G
[...]
0fbkqbKulrchGbNgkankZtEVg4PGjo+Y8MdMjtfSZB29hwYvfMX09jzJ68ZqmpYQ
njvcVtLbEZN5OGCkaslb/f2OxLbsUNgIbws538WnaaufDvKmQe2kUdWmpl9Wn9Bf
bZq7B+njvcVa7SsWF/WLq5AUbw==
-----END CERTIFICATE-----
Bag Attributes
    localKeyID: 28 B5 8E 16 11 88 E9 00 58 D5 76 30 12 B9 59 B8 E4 CE 7C AA
Key Attributes:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,59E17A0681CBBA5A

h8cxvZIwq+91bmRZ98eVsd0JHV1JKBRCSIrCs596npOTZD0gN5cD16HkqqBmaoRK
[...]
buaa7eUVtGawy3zn1bZsRcTPMXsPyqhpx6WtjkVb1P37QYPx4n1LgNcYGsOMAXOE
F+9wWVx0NuoV4guDrENm3/rCwhBC70Kh2G0234hf+10=
-----END RSA PRIVATE KEY-----