SSL: Difference between revisions

From miki
Jump to navigation Jump to search
Line 5: Line 5:
Say you have a private key / certificate file <tt>mycert.pfx</tt>, and you want to change its password:
Say you have a private key / certificate file <tt>mycert.pfx</tt>, and you want to change its password:
<source lang=bash>
<source lang=bash>
# Strangely we cannot pipe output of 1st command into 2nd (error 'No certificate matches private key')
# Use -nodes (no DES) to produce a .pem file without encrypting the private key at all
openssl pkcs12 -in mycert.pfx -nodes | openssl pkcs12 -export -out mycert-new.pfx
openssl pkcs12 -in mycert.pfx out mycert.pem -nodes # Don't encrypt private key at all
</source>
For information, the output of the first ''pkcs12'' invocation parses the pkcs#12 file into a format called '''.pem'''. So one can also produce a pkcs12 file from a .pem file with:
<source lang=bash>
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx
rm mycert.pem # DON'T FORGET THIS!
</source>
</source>

Revision as of 22:25, 29 February 2012

Checking Certificate Chain with OpenSSL

Checking A Remote Certificate Chain With OpenSSL

Change .p12 / .pfx password

Say you have a private key / certificate file mycert.pfx, and you want to change its password:

# Strangely we cannot pipe output of 1st command into 2nd (error 'No certificate matches private key')
openssl pkcs12 -in mycert.pfx out mycert.pem -nodes         # Don't encrypt private key at all
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx
rm mycert.pem                                               # DON'T FORGET THIS!