6 openssl-pkcs12 - PKCS#12 file command
83 There are a lot of options the meaning of some depends of whether a PKCS#12 file
84 is being created or parsed. By default a PKCS#12 file is parsed.
85 A PKCS#12 file can be created by using the B<-export> option (see below).
170 Without the B<-export> option this must be PKCS#12 file to be parsed.
181 Output additional information about the PKCS#12 file structure, algorithms
236 This option specifies that a PKCS#12 file will be created rather than
241 This specifies filename to write the PKCS#12 file to. Standard output is used
248 With the B<-export> option this is a file with certificates and a key,
250 The order of credentials in a file doesn't matter but one private key and
252 certificates are present they will also be included in the PKCS#12 output file.
257 If this option is not specified then the input file (B<-in> argument) must
259 If no engine is used, the argument is taken as a file.
265 An input file with extra certificates to be added to the PKCS#12 output
278 certificate is built and included in the PKCS#12 output file.
279 The end entity certificate is the first one read from the B<-in> file
286 An input file of untrusted certificates that may be used
287 for chain building, which is relevant only when a PKCS#12 file is created
296 name is typically displayed in list boxes by software importing the file.
352 Use PBMAC1 with PBKDF2 for MAC protection of the PKCS#12 file.
367 down. The MAC is used to check the file integrity but since it will normally
374 this reduces the file security you should not use these options unless you
398 Export pkcs12 file in a format compatible with Java keystore usage. This option
410 used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
411 for PKCS#12 file creation B<-export> and B<-name> are also used.
418 certificate might assume that the first certificate in the file is the one
422 certificates are required then they can be output to a separate file using
444 Parse a PKCS#12 file and output it to a PEM file:
446  openssl pkcs12 -in file.p12 -out file.pem
448 Output only client certificates to a file:
450  openssl pkcs12 -in file.p12 -clcerts -out file.pem
454  openssl pkcs12 -in file.p12 -out file.pem -noenc
456 Print some info about a PKCS#12 file:
458  openssl pkcs12 -in file.p12 -info -noout
460 Print some info about a PKCS#12 file in legacy mode:
462  openssl pkcs12 -in file.p12 -info -noout -legacy
464 Create a PKCS#12 file from a PEM file that may contain a key and certificates:
466  openssl pkcs12 -export -in file.pem -out file.p12 -name "My PSE"
470  openssl pkcs12 -export -in file.pem -out file.p12 -name "My PSE" \
473 Export a PKCS#12 file with data from a certificate PEM file and from a further
474 PEM file containing a key, with default algorithms as in the legacy provider:
476  openssl pkcs12 -export -in cert.pem -inkey key.pem -out file.p12 -legacy
482 L<ossl_store-file(7)>
494 this file except in compliance with the License.  You can obtain a copy
495 in the file LICENSE in the source distribution or at

Last Index update Mon Nov 25 12:08:02 UTC 2024

Dedicated to & Maintained by Room-11