Convert a pkcs12 into individual files for apache or other openssl-compatible products
If you have a pkcs12 file (from IIS for example) and if you need to install the certificate on an Openssl-compatible product such as Apache, you will have to extract the content of the pkcs12 to get several files.First of all, create a global file (package):
openssl pkcs12 -in yourpkcs12.pfx -out package.pem -nodesThen duplicate that package file to get 3 different files:
cp package.pem mykey.key cp package.pem mycert.cer cp package.pem mychain.txtEdit each of those files via a test editor. Warning: You need to use a text editor that can interpret OpenSSL-style end-of-lines (under Windows, use an editor compatible with UNIX):
- in mykey.key only keep the "PRIVATE KEY" bloc
- in mycert.cer only keep the "BEGIN CERTIFICATE" bloc, corresponding to your server certificate (you know it by reading the comment that appears just above)
- in mychain.txt only the "BEGIN CERTIFICATE" bloc(s) other than your server certificate (you know it by reading the comment that appears just above)
Warning: If you create your pfx on Microsoft, do not activate the "enhanced security"!
Go further
Last edited on 03/10/2020 14:41:17 --- [search]