SSL: Difference between revisions
Jump to navigation
Jump to search
| Line 5: | Line 5: | ||
Say you have a private key / certificate file <tt>mycert.pfx</tt>, and you want to change its password: |
Say you have a private key / certificate file <tt>mycert.pfx</tt>, and you want to change its password: |
||
<source lang=bash> |
<source lang=bash> |
||
# Strangely we cannot pipe output of 1st command into 2nd (error 'No certificate matches private key') |
|||
# Use -nodes (no DES) to produce a .pem file without encrypting the private key at all |
|||
openssl pkcs12 -in mycert.pfx -nodes |
openssl pkcs12 -in mycert.pfx out mycert.pem -nodes # Don't encrypt private key at all |
||
</source> |
|||
For information, the output of the first ''pkcs12'' invocation parses the pkcs#12 file into a format called '''.pem'''. So one can also produce a pkcs12 file from a .pem file with: |
|||
<source lang=bash> |
|||
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx |
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx |
||
rm mycert.pem # DON'T FORGET THIS! |
|||
</source> |
</source> |
||
Revision as of 22:25, 29 February 2012
Checking Certificate Chain with OpenSSL
Checking A Remote Certificate Chain With OpenSSL
Change .p12 / .pfx password
Say you have a private key / certificate file mycert.pfx, and you want to change its password:
# Strangely we cannot pipe output of 1st command into 2nd (error 'No certificate matches private key')
openssl pkcs12 -in mycert.pfx out mycert.pem -nodes # Don't encrypt private key at all
openssl pkcs12 -export -in mycert.pem -out mycert-new.pfx
rm mycert.pem # DON'T FORGET THIS!