Converting PKCS#12 certificate into PEM using OpenSSL
回答1
Try:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes
After that you have:
- certificate in newfile.crt.pem
- private key in newfile.key.pem
To put the certificate and key in the same file without a password, use the following, as an empty password will cause the key to not be exported:
openssl pkcs12 -in path.p12 -out newfile.pem -nodes
Or, if you want to provide a password for the private key, omit -nodes and input a password:
openssl pkcs12 -in path.p12 -out newfile.pem
If you need to input the PKCS#12 password directly from the command line (e.g. a script), just add -passin pass:${PASSWORD}:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys -passin 'pass:P@s5w0rD'
如果.p12文件被密码保护的话,就是用如下格式的命令,分别导出crt和key
openssl pkcs12 -in chuck.p12 -out newfile.crt.pem -clcerts -nokeys -password pass:mypassword
openssl pkcs12 -in chuck.p12 -out newfile.key.pem -nocerts -nodes -password pass:mypassword