[openssl-users] pkcs12 is no encryption possible for certs?

Dr. Stephen Henson steve at openssl.org
Fri Feb 13 20:12:19 UTC 2015

On Fri, Feb 13, 2015, Sean Leonard wrote:

> Using the openssl pkcs12 -export command, is it possible to specify
> a "-certpbe" value that does not do encryption? Perhaps you only
> want integrity protection--you don't care whether the certificates
> are shrouded. The PKCS #12 standard seems to imply that "certBags"
> can be used as-is; however, all examples of PKCS #12 files that I
> have seen encrypt the certificates.

Try -certpbe NONE

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

More information about the openssl-users mailing list