Martin

Reputation: 800

Convert RSA Private Key / Public Key to .p12

I need to convert an RSA key pair to .p12 and I am not able to do it. I have tried different approaches using openssl but I am still failing.

I have the following

-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----


-----BEGIN RSA PRIVATE KEY-----
....
-----END RSA PRIVATE KEY-----

It seems that I am missing the basics... The only thing I get from the Service Provider is the RSA Public and Private Key. The target landscape supports .p12 only.

I tried

openssl pkcs12 -export -out DocusignPrivate.p12 -inkey DocusignPrivate.pem -in DocusignPublic.pem 

THANKS for your help!

Best regards Martin

Upvotes: 0

Views: 7510

Answers (2)

Michael Behrens

Reputation: 1167

I had a similar problem. In my case, I was able to get a pem by first creating a P12 and then extracting a new pem file from it. I bet there is a better one-liner out there. I used these commands (substitute your FQHN in the env variable):

export FQHN=DocusignPrivate
openssl pkcs12 -inkey ${FQHN}_private.key -in ${FQHN}.cer -export -out ${FQHN}.p12
openssl pkcs12 -in ${FQHN}.p12 -out ${FQHN}.pem -nocerts -nodes

More out the file. Edit the file to remove the top three lines before the -----BEGIN PRIVATE KEY-----.

Note: I typed in the commands manually, so there might be a typo...so I'd appreciate it if someone could also test the commands - or I will try later. Also, this assumes that the .cer file is your signed X509 certificate.

As a simple check, I used this command to output some info: openssl rsa -in ${FQHN}.pem -noout -text

Hat Tip: I followed the steps on this question.

Upvotes: 0

dave_thompson_085

Reputation: 39029

This is not a programming or development question or problem, and likely to be voted offtopic, as in recent years with the existence of many other Stacks SO has become more restrictive.

PKCS12 can't store a bare public key; (instead) it stores X.509 certificate(s) which contain a public key. When you don't have a 'real' CA-issued certificate, the common practice is to create a dummy (self-signed) certificate. There are multiple ways to do this, including several with OpenSSL, and probably hundreds of existing Qs and As about them, but the simplest is

openssl req -new -x509 -key $privkey -days 365 -subj "/CN=somename" -out $cert
# adjust days if desired; depending on the software that will use this p12 
# and your version of openssl, may need to specify signing hash e.g. -sha256
#
# then use openssl pkcs12 -export -inkey $privkey -in $cert -out $p12

Upvotes: 4
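
The steps from the answer above combined into one script, as an added example that is not part of either answer: it first checks that the supplied public key actually belongs to the private key, then wraps the key in a self-signed certificate and exports the .p12. The function names and the P12_PASS environment variable (which keeps the export password off the command line) are assumptions; the CN value is the placeholder from the answer.

```shell
#!/bin/sh
# Added example (not from the answers): bare RSA key pair -> .p12.
# Assumptions: the function names, the file arguments and P12_PASS.

# Print the SubjectPublicKeyInfo PEM for a private key (priv FILE) or a
# public key (pub FILE), so two keys can be compared as plain text.
spki() {
    case $1 in
        priv) openssl pkey -in "$2" -pubout ;;
        pub)  openssl pkey -pubin -in "$2" -pubout ;;
    esac
}

# make_p12 PRIVKEY PUBKEY OUT_P12
# Exits 2 when the public key does not belong to the private key.
make_p12() (
    privkey=$1 pubkey=$2 p12=$3
    : "${P12_PASS:?export P12_PASS with the .p12 password first}"
    derived=$(spki priv "$privkey") || exit 1
    given=$(spki pub "$pubkey") || exit 1
    if [ "$derived" != "$given" ]; then
        echo "public key does not match private key" >&2
        exit 2
    fi
    cert=$(mktemp) || exit 1
    # PKCS#12 cannot hold a bare public key, so wrap it in a
    # self-signed certificate before exporting.
    openssl req -new -x509 -key "$privkey" -sha256 -days 365 \
        -subj "/CN=somename" -out "$cert" &&
    openssl pkcs12 -export -inkey "$privkey" -in "$cert" \
        -out "$p12" -passout env:P12_PASS
    rc=$?
    rm -f "$cert"
    exit "$rc"
)

# Print the public key of the certificate stored in a .p12 file,
# to confirm the archive carries the key that was expected.
p12_pubkey() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys |
        openssl x509 -pubkey -noout
}
```

With the files from the question this would be called as `make_p12 DocusignPrivate.pem DocusignPublic.pem DocusignPrivate.p12` after exporting P12_PASS.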
