Sunday, January 3, 2016

Tip o' the Day - Converting PEM files to PKCS12



Another thing that should be easy but took way too damn long to figure out.  Some of the newer crypto libraries only take PKCS12 keys - which is huge overkill for almost everything.  Converting the mundane PEM format to PKCS12 is a huge pain - a PKCS12 bundle normally carries a certificate alongside the key, so you need to have a signing authority to sign the key.  To follow the flow, you can just self-sign the key with the PEM itself.  For instance:

# create a cert from our original ECDSA pem file - don't use a password unless you really need one
openssl req -new -x509 -key pem.txt -out damncert.pem -days 730
# can check it just for grins, I'm paranoid
openssl x509 -in damncert.pem -text -noout
# convert the key to pkcs12, bundling in the self-signed cert to shut up the converter
openssl pkcs12 -export -out pkcs12_outfile -inkey pem.txt -in damncert.pem
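
The same flow as a non-interactive script with a round-trip check that the bundle really holds the original key pair. This is an added example, not code from the original post; the function names, the CN value and the P12_PASS environment variable are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example, not the post's own code. File names, the CN and the
# P12_PASS variable are assumptions.

# Constructed sample input: a fresh P-256 key standing in for pem.txt.
make_test_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" 2>/dev/null
}

# pem_to_p12 KEY.pem OUT.p12
# Self-signs a throwaway cert for KEY.pem, bundles key + cert into OUT.p12,
# then checks that the bundle contains the same key pair.
# The export password comes from $P12_PASS so it never shows up in argv.
pem_to_p12() {
    key=$1
    out=$2
    tmp=$(mktemp -d) || return 1

    # 1. Self-signed cert; -subj skips the interactive DN prompts.
    openssl req -new -x509 -key "$key" -out "$tmp/cert.pem" -days 730 \
        -subj "/CN=pem-to-p12-example" 2>/dev/null \
        || { rm -rf "$tmp"; return 1; }

    # 2. Bundle the private key and the cert into one PKCS12 file.
    openssl pkcs12 -export -out "$out" -inkey "$key" -in "$tmp/cert.pem" \
        -passout env:P12_PASS 2>/dev/null \
        || { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"

    # 3. Round trip: the public key of the original PEM, of the key inside
    #    the bundle, and of the cert inside the bundle must all be identical.
    orig=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    from_key=$(openssl pkcs12 -in "$out" -passin env:P12_PASS \
                   -nocerts -nodes 2>/dev/null \
               | openssl pkey -pubout 2>/dev/null)
    from_cert=$(openssl pkcs12 -in "$out" -passin env:P12_PASS \
                    -nokeys 2>/dev/null \
                | openssl x509 -pubkey -noout 2>/dev/null)

    [ -n "$orig" ] && [ "$orig" = "$from_key" ] && [ "$orig" = "$from_cert" ]
}
```

Export P12_PASS first, then run `make_test_key pem.txt && pem_to_p12 pem.txt pkcs12_outfile`; a non-zero return means the export failed or the bundle does not match the key.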


PKCS12 isn't Microsoft's PFX - so this probably won't work with Microsoft's stuff.


SEO rules say I'll get more Google hits with media.  So here's a picture of my cat on a ladder.  :-)
