459 lines
18 KiB
HTML
459 lines
18 KiB
HTML
|
<?xml version="1.0" ?>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<head>
|
||
|
<title>openssl-pkcs12</title>
|
||
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||
|
<link rev="made" href="mailto:root@localhost" />
|
||
|
</head>
|
||
|
|
||
|
<body style="background-color: white">
|
||
|
|
||
|
|
||
|
<!-- INDEX BEGIN -->
|
||
|
<div name="index">
|
||
|
<p><a name="__index__"></a></p>
|
||
|
|
||
|
<ul>
|
||
|
|
||
|
<li><a href="#name">NAME</a></li>
|
||
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
||
|
<li><a href="#description">DESCRIPTION</a></li>
|
||
|
<li><a href="#options">OPTIONS</a></li>
|
||
|
<li><a href="#parsing_options">PARSING OPTIONS</a></li>
|
||
|
<li><a href="#file_creation_options">FILE CREATION OPTIONS</a></li>
|
||
|
<li><a href="#notes">NOTES</a></li>
|
||
|
<li><a href="#examples">EXAMPLES</a></li>
|
||
|
<li><a href="#see_also">SEE ALSO</a></li>
|
||
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<hr name="index" />
|
||
|
</div>
|
||
|
<!-- INDEX END -->
|
||
|
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="name">NAME</a></h1>
|
||
|
<p>openssl-pkcs12 - PKCS#12 file utility</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
||
|
<p><strong>openssl</strong> <strong>pkcs12</strong>
|
||
|
[<strong>-help</strong>]
|
||
|
[<strong>-export</strong>]
|
||
|
[<strong>-chain</strong>]
|
||
|
[<strong>-inkey</strong> <em>file_or_id</em>]
|
||
|
[<strong>-certfile</strong> <em>filename</em>]
|
||
|
[<strong>-name</strong> <em>name</em>]
|
||
|
[<strong>-caname</strong> <em>name</em>]
|
||
|
[<strong>-in</strong> <em>filename</em>]
|
||
|
[<strong>-out</strong> <em>filename</em>]
|
||
|
[<strong>-noout</strong>]
|
||
|
[<strong>-nomacver</strong>]
|
||
|
[<strong>-nocerts</strong>]
|
||
|
[<strong>-clcerts</strong>]
|
||
|
[<strong>-cacerts</strong>]
|
||
|
[<strong>-nokeys</strong>]
|
||
|
[<strong>-info</strong>]
|
||
|
[<strong>-des</strong>]
|
||
|
[<strong>-des3</strong>]
|
||
|
[<strong>-idea</strong>]
|
||
|
[<strong>-aes128</strong>]
|
||
|
[<strong>-aes192</strong>]
|
||
|
[<strong>-aes256</strong>]
|
||
|
[<strong>-aria128</strong>]
|
||
|
[<strong>-aria192</strong>]
|
||
|
[<strong>-aria256</strong>]
|
||
|
[<strong>-camellia128</strong>]
|
||
|
[<strong>-camellia192</strong>]
|
||
|
[<strong>-camellia256</strong>]
|
||
|
[<strong>-nodes</strong>]
|
||
|
[<strong>-iter</strong> <em>count</em>]
|
||
|
[<strong>-noiter</strong>]
|
||
|
[<strong>-nomaciter</strong>]
|
||
|
[<strong>-maciter</strong>]
|
||
|
[<strong>-nomac</strong>]
|
||
|
[<strong>-twopass</strong>]
|
||
|
[<strong>-descert</strong>]
|
||
|
[<strong>-certpbe</strong> <em>cipher</em>]
|
||
|
[<strong>-keypbe</strong> <em>cipher</em>]
|
||
|
[<strong>-macalg</strong> <em>digest</em>]
|
||
|
[<strong>-keyex</strong>]
|
||
|
[<strong>-keysig</strong>]
|
||
|
[<strong>-password</strong> <em>arg</em>]
|
||
|
[<strong>-passin</strong> <em>arg</em>]
|
||
|
[<strong>-passout</strong> <em>arg</em>]
|
||
|
[<strong>-LMK</strong>]
|
||
|
[<strong>-CSP</strong> <em>name</em>]
|
||
|
[<strong>-CAfile</strong> <em>file</em>]
|
||
|
[<strong>-no-CAfile</strong>]
|
||
|
[<strong>-CApath</strong> <em>dir</em>]
|
||
|
[<strong>-no-CApath</strong>]
|
||
|
[<strong>-CAstore</strong> <em>uri</em>]
|
||
|
[<strong>-no-CAstore</strong>]
|
||
|
[<strong>-rand</strong> <em>files</em>]
|
||
|
[<strong>-writerand</strong> <em>file</em>]
|
||
|
[<strong>-engine</strong> <em>id</em>]</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="description">DESCRIPTION</a></h1>
|
||
|
<p>This command allows PKCS#12 files (sometimes referred to as
|
||
|
PFX files) to be created and parsed. PKCS#12 files are used by several
|
||
|
programs including Netscape, MSIE and MS Outlook.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="options">OPTIONS</a></h1>
|
||
|
<p>There are a lot of options the meaning of some depends of whether a PKCS#12 file
|
||
|
is being created or parsed. By default a PKCS#12 file is parsed. A PKCS#12
|
||
|
file can be created by using the <strong>-export</strong> option (see below).</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="parsing_options">PARSING OPTIONS</a></h1>
|
||
|
<dl>
|
||
|
<dt><strong><a name="help" class="item"><strong>-help</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Print out a usage message.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="in_filename" class="item"><strong>-in</strong> <em>filename</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This specifies filename of the PKCS#12 file to be parsed. Standard input is used
|
||
|
by default.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="out_filename" class="item"><strong>-out</strong> <em>filename</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>The filename to write certificates and private keys to, standard output by
|
||
|
default. They are all written in PEM format.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="password_arg" class="item"><strong>-password</strong> <em>arg</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>With <strong>-export</strong>, <strong>-password</strong> is equivalent to <strong>-passout</strong>,
|
||
|
otherwise it is equivalent to <strong>-passin</strong>.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="noout" class="item"><strong>-noout</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This option inhibits output of the keys and certificates to the output file
|
||
|
version of the PKCS#12 file.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="clcerts" class="item"><strong>-clcerts</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Only output client certificates (not CA certificates).</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="cacerts" class="item"><strong>-cacerts</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Only output CA certificates (not client certificates).</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="nocerts" class="item"><strong>-nocerts</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>No certificates at all will be output.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="nokeys" class="item"><strong>-nokeys</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>No private keys will be output.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="info" class="item"><strong>-info</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Output additional information about the PKCS#12 file structure, algorithms
|
||
|
used and iteration counts.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="des" class="item"><strong>-des</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Use DES to encrypt private keys before outputting.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="des3" class="item"><strong>-des3</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Use triple DES to encrypt private keys before outputting, this is the default.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="idea" class="item"><strong>-idea</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Use IDEA to encrypt private keys before outputting.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="aes128_aes192_aes256" class="item"><strong>-aes128</strong>, <strong>-aes192</strong>, <strong>-aes256</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Use AES to encrypt private keys before outputting.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="aria128_aria192_aria256" class="item"><strong>-aria128</strong>, <strong>-aria192</strong>, <strong>-aria256</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Use ARIA to encrypt private keys before outputting.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="camellia128_camellia192_camellia256" class="item"><strong>-camellia128</strong>, <strong>-camellia192</strong>, <strong>-camellia256</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Use Camellia to encrypt private keys before outputting.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="nodes" class="item"><strong>-nodes</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Don't encrypt the private keys at all.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="nomacver" class="item"><strong>-nomacver</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Don't attempt to verify the integrity MAC before reading the file.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="twopass" class="item"><strong>-twopass</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Prompt for separate integrity and encryption passwords: most software
|
||
|
always assumes these are the same so this option will render such
|
||
|
PKCS#12 files unreadable. Cannot be used in combination with the options
|
||
|
<strong>-password</strong>, <strong>-passin</strong> if importing, or <strong>-passout</strong> if exporting.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="file_creation_options">FILE CREATION OPTIONS</a></h1>
|
||
|
<dl>
|
||
|
<dt><strong><a name="export" class="item"><strong>-export</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This option specifies that a PKCS#12 file will be created rather than
|
||
|
parsed.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="out_filename2" class="item"><strong>-out</strong> <em>filename</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This specifies filename to write the PKCS#12 file to. Standard output is used
|
||
|
by default.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="in_filename2" class="item"><strong>-in</strong> <em>filename</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>The filename to read certificates and private keys from, standard input by
|
||
|
default. They must all be in PEM format. The order doesn't matter but one
|
||
|
private key and its corresponding certificate should be present. If additional
|
||
|
certificates are present they will also be included in the PKCS#12 file.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="inkey_file_or_id" class="item"><strong>-inkey</strong> <em>file_or_id</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>File to read private key from. If not present then a private key must be present
|
||
|
in the input file.
|
||
|
If no engine is used, the argument is taken as a file; if an engine is
|
||
|
specified, the argument is given to the engine as a key identifier.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="name_friendlyname" class="item"><strong>-name</strong> <em>friendlyname</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This specifies the "friendly name" for the certificate and private key. This
|
||
|
name is typically displayed in list boxes by software importing the file.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="certfile_filename" class="item"><strong>-certfile</strong> <em>filename</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>A filename to read additional certificates from.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="caname_friendlyname" class="item"><strong>-caname</strong> <em>friendlyname</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This specifies the "friendly name" for other certificates. This option may be
|
||
|
used multiple times to specify names for all certificates in the order they
|
||
|
appear. Netscape ignores friendly names on other certificates whereas MSIE
|
||
|
displays them.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="passin_arg_passout_arg" class="item"><strong>-passin</strong> <em>arg</em>, <strong>-passout</strong> <em>arg</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>The password source for the input, and for encrypting any private keys that
|
||
|
are output.
|
||
|
For more information about the format of <strong>arg</strong>
|
||
|
see <em>openssl(1)/Pass Phrase Options</em>.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="chain" class="item"><strong>-chain</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>If this option is present then an attempt is made to include the entire
|
||
|
certificate chain of the user certificate. The standard CA store is used
|
||
|
for this search. If the search fails it is considered a fatal error.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="descert" class="item"><strong>-descert</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Encrypt the certificate using triple DES, this may render the PKCS#12
|
||
|
file unreadable by some "export grade" software. By default the private
|
||
|
key is encrypted using triple DES and the certificate using 40 bit RC2
|
||
|
unless RC2 is disabled in which case triple DES is used.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="keypbe_alg_certpbe_alg" class="item"><strong>-keypbe</strong> <em>alg</em>, <strong>-certpbe</strong> <em>alg</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>These options allow the algorithm used to encrypt the private key and
|
||
|
certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name
|
||
|
can be used (see <a href="#notes">NOTES</a> section for more information). If a cipher name
|
||
|
(as output by <code>openssl list -cipher-algorithms</code>) is specified then it
|
||
|
is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
|
||
|
use PKCS#12 algorithms.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="keyex_keysig" class="item"><strong>-keyex</strong>|<strong>-keysig</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Specifies that the private key is to be used for key exchange or just signing.
|
||
|
This option is only interpreted by MSIE and similar MS software. Normally
|
||
|
"export grade" software will only allow 512 bit RSA keys to be used for
|
||
|
encryption purposes but arbitrary length keys for signing. The <strong>-keysig</strong>
|
||
|
option marks the key for signing only. Signing only keys can be used for
|
||
|
S/MIME signing, authenticode (ActiveX control signing) and SSL client
|
||
|
authentication, however due to a bug only MSIE 5.0 and later support
|
||
|
the use of signing only keys for SSL client authentication.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="macalg_digest" class="item"><strong>-macalg</strong> <em>digest</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Specify the MAC digest algorithm. If not included them SHA1 will be used.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="iter_count" class="item"><strong>-iter</strong> <em>count</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This option specifies the iteration count for the encryption key and MAC. The
|
||
|
default value is 2048.</p>
|
||
|
<p>To discourage attacks by using large dictionaries of common passwords the
|
||
|
algorithm that derives keys from passwords can have an iteration count applied
|
||
|
to it: this causes a certain part of the algorithm to be repeated and slows it
|
||
|
down. The MAC is used to check the file integrity but since it will normally
|
||
|
have the same password as the keys and certificates it could also be attacked.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="nomaciter_noiter" class="item"><strong>-nomaciter</strong>, <strong>-noiter</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>By default both MAC and encryption iteration counts are set to 2048, using
|
||
|
these options the MAC and encryption iteration counts can be set to 1, since
|
||
|
this reduces the file security you should not use these options unless you
|
||
|
really have to. Most software supports both MAC and key iteration counts.
|
||
|
MSIE 4.0 doesn't support MAC iteration counts so it needs the <strong>-nomaciter</strong>
|
||
|
option.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="maciter" class="item"><strong>-maciter</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>This option is included for compatibility with previous versions, it used
|
||
|
to be needed to use MAC iterations counts but they are now used by default.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="nomac" class="item"><strong>-nomac</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Don't attempt to provide the MAC integrity.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="lmk" class="item"><strong>-LMK</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Add the "Local Key Set" identifier to the attributes.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="csp_name" class="item"><strong>-CSP</strong> <em>name</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>Write <em>name</em> as a Microsoft CSP name.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="cafile_file_no_cafile_capath_dir_no_capath_castore_uri_no_castore" class="item"><strong>-CAfile</strong> <em>file</em>, <strong>-no-CAfile</strong>, <strong>-CApath</strong> <em>dir</em>, <strong>-no-CApath</strong>,
|
||
|
<strong>-CAstore</strong> <em>uri</em>, <strong>-no-CAstore</strong></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>See <em>openssl(1)/Trusted Certificate Options</em> for details.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="rand_files_writerand_file" class="item"><strong>-rand</strong> <em>files</em>, <strong>-writerand</strong> <em>file</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>See <em>openssl(1)/Random State Options</em> for details.</p>
|
||
|
</dd>
|
||
|
<dt><strong><a name="engine_id" class="item"><strong>-engine</strong> <em>id</em></a></strong></dt>
|
||
|
|
||
|
<dd>
|
||
|
<p>See <em>openssl(1)/Engine Options</em>.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="notes">NOTES</a></h1>
|
||
|
<p>Although there are a large number of options most of them are very rarely
|
||
|
used. For PKCS#12 file parsing only <strong>-in</strong> and <strong>-out</strong> need to be used
|
||
|
for PKCS#12 file creation <strong>-export</strong> and <strong>-name</strong> are also used.</p>
|
||
|
<p>If none of the <strong>-clcerts</strong>, <strong>-cacerts</strong> or <strong>-nocerts</strong> options are present
|
||
|
then all certificates will be output in the order they appear in the input
|
||
|
PKCS#12 files. There is no guarantee that the first certificate present is
|
||
|
the one corresponding to the private key. Certain software which requires
|
||
|
a private key and certificate and assumes the first certificate in the
|
||
|
file is the one corresponding to the private key: this may not always
|
||
|
be the case. Using the <strong>-clcerts</strong> option will solve this problem by only
|
||
|
outputting the certificate corresponding to the private key. If the CA
|
||
|
certificates are required then they can be output to a separate file using
|
||
|
the <strong>-nokeys</strong> <strong>-cacerts</strong> options to just output CA certificates.</p>
|
||
|
<p>The <strong>-keypbe</strong> and <strong>-certpbe</strong> algorithms allow the precise encryption
|
||
|
algorithms for private keys and certificates to be specified. Normally
|
||
|
the defaults are fine but occasionally software can't handle triple DES
|
||
|
encrypted private keys, then the option <strong>-keypbe</strong> <em>PBE-SHA1-RC2-40</em> can
|
||
|
be used to reduce the private key encryption to 40 bit RC2. A complete
|
||
|
description of all algorithms is contained in <em>openssl-pkcs8(1)</em>.</p>
|
||
|
<p>Prior 1.1 release passwords containing non-ASCII characters were encoded
|
||
|
in non-compliant manner, which limited interoperability, in first hand
|
||
|
with Windows. But switching to standard-compliant password encoding
|
||
|
poses problem accessing old data protected with broken encoding. For
|
||
|
this reason even legacy encodings is attempted when reading the
|
||
|
data. If you use PKCS#12 files in production application you are advised
|
||
|
to convert the data, because implemented heuristic approach is not
|
||
|
MT-safe, its sole goal is to facilitate the data upgrade with this
|
||
|
command.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="examples">EXAMPLES</a></h1>
|
||
|
<p>Parse a PKCS#12 file and output it to a file:</p>
|
||
|
<pre>
|
||
|
openssl pkcs12 -in file.p12 -out file.pem</pre>
|
||
|
<p>Output only client certificates to a file:</p>
|
||
|
<pre>
|
||
|
openssl pkcs12 -in file.p12 -clcerts -out file.pem</pre>
|
||
|
<p>Don't encrypt the private key:</p>
|
||
|
<pre>
|
||
|
openssl pkcs12 -in file.p12 -out file.pem -nodes</pre>
|
||
|
<p>Print some info about a PKCS#12 file:</p>
|
||
|
<pre>
|
||
|
openssl pkcs12 -in file.p12 -info -noout</pre>
|
||
|
<p>Create a PKCS#12 file:</p>
|
||
|
<pre>
|
||
|
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"</pre>
|
||
|
<p>Include some extra certificates:</p>
|
||
|
<pre>
|
||
|
openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
|
||
|
-certfile othercerts.pem</pre>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
||
|
<p><em>openssl(1)</em>,
|
||
|
<em>openssl-pkcs8(1)</em>,
|
||
|
<em>ossl_store-file(7)</em></p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
||
|
<p>Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.</p>
|
||
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
this file except in compliance with the License. You can obtain a copy
|
||
|
in the file LICENSE in the source distribution or at
|
||
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
||
|
|
||
|
</body>
|
||
|
|
||
|
</html>
|