SSL: Difference between revisions
Jump to navigation
Jump to search
Line 9: | Line 9: | ||
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx |
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx |
||
rm mycert.pem # DON'T FORGET THIS! |
rm mycert.pem # DON'T FORGET THIS! |
||
</source> |
|||
== Extract key from .p12/ .pfx == |
|||
* <code>openssl pkcs12</code> takes a file in pkcs#12 format (.p12/.pfx) and produces a file in PEM format, that is parseable with <code>openssl rsa</code>. The PEM may contain either private key, certificates, root certificates or even public keys. |
|||
<source lang=bash> |
|||
openssl pkcs12 -in mycert.pfx -out mycert.pem -nocerts -nodes # Don't encrypt private key at all, don't output certificates |
|||
openssl rsa -noout -modulus -in mycert.pem # To extract the modulus |
|||
openssl rsa -noout -text -in mycert.pem # To extract all the fields |
|||
</source> |
</source> |
Revision as of 14:36, 4 March 2015
Checking Certificate Chain with OpenSSL
Checking A Remote Certificate Chain With OpenSSL
Change .p12 / .pfx password
Say you have a private key / certificate file mycert.pfx, and you want to change its password:
# Strangely we cannot pipe output of 1st command into 2nd (error 'No certificate matches private key')
openssl pkcs12 -in mycert.pfx -out mycert.pem -nodes # Don't encrypt private key at all
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx
rm mycert.pem # DON'T FORGET THIS!
Extract key from .p12/ .pfx
openssl pkcs12
takes a file in pkcs#12 format (.p12/.pfx) and produces a file in PEM format, that is parseable withopenssl rsa
. The PEM may contain either private key, certificates, root certificates or even public keys.
openssl pkcs12 -in mycert.pfx -out mycert.pem -nocerts -nodes # Don't encrypt private key at all, don't output certificates
openssl rsa -noout -modulus -in mycert.pem # To extract the modulus
openssl rsa -noout -text -in mycert.pem # To extract all the fields