P12 certificate of PKS12 certificates defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.
A PKCS #12 file may be encrypted and signed. The internal storage containers, called “SafeBags”, may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at individual implementer’s choice.
PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories.
The filename extension for PKCS #12 files is .p12 or .pfx.
Now let’s see how we can extract certificates from a p12 file. We can extract CA certificate, client certificate and client key file using the following 3 commands:
openssl pkcs12 -in cert.p12 -cacerts -nokeys -chain | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cacerts.cer
openssl pkcs12 -in cert.p12 -clcerts -nokeys | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > clientcert.cer
openssl pkcs12 -in cert.p12 -nocerts -nodes | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p' > clientcert.key
2 Comments