Sunday, 22 June 2014

Generating PKCS#12 file

In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.[1] A PKCS #12 file may be encrypted and signed. The internal storage containers, called "SafeBags", may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at the individual implementer's choice.[2][3] PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories. The filename extension for PKCS #12 files is ".p12" or ".pfx".[4] These files can be created, parsed and read out with the OpenSSL pkcs12 command.

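The commands below generate a PKCS#12 file containing the SSL server certificate and key, as well as the corresponding server certification CA trust chain file. The certificate created here is self-signed (-x509), so the same .cer file is passed as the chain with -certfile. Note that -nodes writes the private key file to disk unencrypted.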


$ openssl req -x509 -nodes -days 3650 -subj "/CN=idgovserver1.idc.oracle.com" -newkey rsa:2048 -keyout "idgovserver1.idc.oracle.com.key" -out "idgovserver1.idc.oracle.com.cer"

Generating a 2048 bit RSA private key
..............+++
...............................+++
writing new private key to 'idgovserver1.idc.oracle.com.key'
-----

$ ls
idgovserver1.idc.oracle.com.cer idgovserver1.idc.oracle.com.key


$ openssl pkcs12 -export -out "idgovserver1.idc.oracle.com.pfx" -inkey "idgovserver1.idc.oracle.com.key" -in "idgovserver1.idc.oracle.com.cer" -certfile "idgovserver1.idc.oracle.com.cer"

Enter Export Password:#####
Verifying - Enter Export Password:#####


$ ls
idgovserver1.idc.oracle.com.cer idgovserver1.idc.oracle.com.key idgovserver1.idc.oracle.com.pfx
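
Once the .pfx exists it is worth checking it before handing it to a server. The script below is an added example, not part of the original post: it verifies the bundle's password/MAC, confirms that the private key matches the leaf certificate, and checks expiry. The function names, the PFX_PASS variable and the hostname demo.example.test are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity checks for a PKCS#12 bundle before it is deployed.
# The password is read from the PFX_PASS environment variable (name chosen
# for this example) so it does not appear in the process list.

# make_demo_pfx DIR: build a throwaway key, self-signed cert and DIR/demo.pfx.
# The hostname demo.example.test is constructed sample data.
make_demo_pfx() (
    umask 077                     # -nodes writes the private key unencrypted
    cd "$1" || exit 1
    openssl req -x509 -nodes -days 1 -subj "/CN=demo.example.test" \
        -newkey rsa:2048 -keyout demo.key -out demo.cer 2>/dev/null &&
    openssl pkcs12 -export -out demo.pfx -inkey demo.key -in demo.cer \
        -passout env:PFX_PASS
)

# check_pfx FILE: 0 = ok, 1 = bad password or MAC, 2 = key/cert mismatch,
# 3 = leaf certificate expired.
check_pfx() {
    # Integrity: -noout only parses the file and verifies its MAC.
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout 2>/dev/null || {
        echo "check_pfx: wrong password or corrupted file" >&2; return 1; }
    # Leaf certificate (the one paired with the private key).
    leaf=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null)
    cert_pub=$(printf '%s\n' "$leaf" | openssl x509 -pubkey -noout 2>/dev/null)
    # Public key recomputed from the private key; the key stays in the pipe.
    key_pub=$(openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "check_pfx: private key does not match certificate" >&2; return 2
    fi
    printf '%s\n' "$leaf" | openssl x509 -noout -checkend 0 >/dev/null || {
        echo "check_pfx: certificate has expired" >&2; return 3; }
    printf '%s\n' "$leaf" | openssl x509 -noout -subject -enddate
}

# Demo run on a constructed bundle in a temporary directory.
demo_dir=$(mktemp -d)
PFX_PASS='constructed-demo-password'; export PFX_PASS
make_demo_pfx "$demo_dir" && check_pfx "$demo_dir/demo.pfx"
```

On OpenSSL 3.x, -nodes is a deprecated alias of -noenc; both are accepted.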



