Export PKCS12 files to PEM format using OpenSSL
Not all applications use the same certificate format. Sometimes, it is necessary to convert between the different key / certificates formats that exist.
Some interesting resources online to figure that out are:
(a) OpenSSL’s homepage and guide
(b) Keytool’s user reference
In our scenario here we have a PKCS12 file which is a private/public key pair widely used, at least on Windows platforms. We want to convert to another format, namely PEM.
OpenSSL does that very nicely:
openssl pkcs12 -in alice.p12 -passin pass:password -out alice.pem
You will need to have openssl installed. It works on either Windows or Linux.
- The -in option specifies what file to read the keys / certificates from. This is our PKCS12 file.
- -passin lets the user specify the password protecting the source PKCS12 file.
- The prefix pass: is what OpenSSL documentation calls a passphrase argument. It indicates that what follows the colon is the actual password value, in this case ‘password’.
- -out indicates which file to save the result to (the result being in this case both the public and private keys of alice). The default output format is PEM so we don’t need to specify anything else.
The result of this command is printed hereafter. It asks the user for a password to protect the PEM file.
MAC verified OK Enter PEM pass phrase: Verifying - Enter PEM pass phrase:
You can use your favorite editor (VI, Notepad, or less) to view the contents of alice.pem which will look like
Bag Attributes localKeyID: 28 B5 8E 16 11 88 E9 00 58 D5 76 30 12 B9 59 B8 E4 CE 7C AA subject=/C=UK/ST=Suffolk/L=Ipswich/O=Example plc/CN=alice issuer=/C=UK/ST=Suffolk/L=Ipswich/O=Example plc/CN=Certificate Authority/emailAddress=ca@example.com -----BEGIN CERTIFICATE----- MIIDDzCCAfegAwIBAgIJAMkyzQVK88NHMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD VQQGEwJTRTESMBAGA1UECBMJU3RvY2tob2xtMQ4wDAYDVQQHEwVLaXN0YTEQMA4G [...] 0fbkqbKulrchGbNgkankZtEVg4PGjo+Y8MdMjtfSZB29hwYvfMX09jzJ68ZqmpYQ njvcVtLbEZN5OGCkaslb/f2OxLbsUNgIbws538WnaaufDvKmQe2kUdWmpl9Wn9Bf bZq7B+njvcVa7SsWF/WLq5AUbw== -----END CERTIFICATE----- Bag Attributes localKeyID: 28 B5 8E 16 11 88 E9 00 58 D5 76 30 12 B9 59 B8 E4 CE 7C AA Key Attributes: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,59E17A0681CBBA5A h8cxvZIwq+91bmRZ98eVsd0JHV1JKBRCSIrCs596npOTZD0gN5cD16HkqqBmaoRK [...] buaa7eUVtGawy3zn1bZsRcTPMXsPyqhpx6WtjkVb1P37QYPx4n1LgNcYGsOMAXOE F+9wWVx0NuoV4guDrENm3/rCwhBC70Kh2G0234hf+10= -----END RSA PRIVATE KEY-----