[openssl-users] exporting the certificate with the .pfx
Viktor Dukhovni
openssl-users at dukhovni.org
Sat Jun 16 00:08:53 UTC 2018
> On Jun 15, 2018, at 7:25 PM, Harold Huggins <director at CforED.com> wrote:
>
> We are having issues exporting the certificate with the .pfx
Works here.
$ openssl req -new -x509 -newkey rsa:1024 -nodes -keyout key.pem -out cert.pem -days 30 -subj "/CN=$(uname -n)"
Generating a 1024 bit RSA private key
............................++++++
.................................................++++++
writing new private key to 'key.pem'
-----
$ openssl pkcs12 -export -out chain.p12 -inkey key.pem -in cert.pem \
-passout pass:foobar -certpbe aes-128-cbc -keypbe aes-128-cbc
$ openssl pkcs12 -info -in chain.p12 -passin pass:foobar -passout pass:foobar
MAC Iteration 2048
MAC verified OK
PKCS7 Encrypted data: PBES2, PBKDF2, AES-128-CBC, Iteration 2048, PRF hmacWithSHA1
Certificate bag
Bag Attributes
localKeyID: F7 AC 6C BE 62 B1 CC 80 C7 AC DC B4 9F 85 C6 19 C6 F7 4B 0F
subject=/CN=amnesiac.example
issuer=/CN=amnesiac.example
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-128-CBC, Iteration 2048, PRF hmacWithSHA1
Bag Attributes
localKeyID: F7 AC 6C BE 62 B1 CC 80 C7 AC DC B4 9F 85 C6 19 C6 F7 4B 0F
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
--
Viktor.
More information about the openssl-users
mailing list