Generating PFX with 3DES

Newbie User n3wbie001 at
Wed Mar 1 14:32:22 UTC 2023

Thank you Michael, will check and verify. I also saw a keypbe option. Do we
have any official docs for all these? Didn't see anything explained in
OpenSSL docs for this.

Also why isn't it by default 3DES as RC2 is deprecated long time back.


On Tue, Feb 28, 2023, 11:36 PM Michael Wojcik <Michael.Wojcik at>

> > From: openssl-users <openssl-users-bounces at> On Behalf Of
> Newbie User
> > Sent: Tuesday, 28 February, 2023 10:22
> > I was trying to generate a PFX file from cert.pem and key.pem, however
> it seems that default OpenSSL
> > still using RC2 for PKCS7 data type.
> Specify a different PBE for the certificate with the -certpbe option. For
> example:
> $ openssl pkcs12 -export -inkey key.pem -in cert.pem -certpbe
> PBE-SHA1-3DES -out output.pfx
> ("PFX" is an archaic format which has been superseded by PKCS#12, so
> personally I eschew that file suffix, but it really doesn't matter.) This
> works for me using OpenSSL 3.0.8.
> You can use
> $ openssl pkcs12 -in output.pfx -info -noout
> to verify the PBE used for the certificate and key.
> --
> Michael Wojcik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list