← 返回命令列表

Linux command

openssl-pkcs12 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Create PKCS12 from cert and key

openssl pkcs12 -export -out [certificate.p12] -inkey [private.key] -in [certificate.crt]

Include CA chain

openssl pkcs12 -export -out [cert.p12] -inkey [key.pem] -in [cert.pem] -certfile [ca-chain.pem]

Extract certificate

openssl pkcs12 -in [certificate.p12] -clcerts -nokeys -out [certificate.crt]

Extract private key

openssl pkcs12 -in [certificate.p12] -nocerts -out [private.key]

Extract all to PEM

openssl pkcs12 -in [certificate.p12] -out [all.pem] -nodes

说明

openssl pkcs12 creates and parses PKCS#12 files (.p12, .pfx). These files bundle private keys, certificates, and CA chains into a single encrypted file. Commonly used for importing/exporting certificates in browsers and applications.

参数

-export
Create PKCS12 file.
-in _file_
Input file.
-out _file_
Output file.
-inkey _file_
Private key file.
-certfile _file_
Additional certificates.
-nokeys
Don't output keys.
-nocerts
Don't output certs.
-nodes
Don't encrypt output.
-name _name_
Friendly name.
-password _arg_
Input/output PKCS#12 password source (e.g., `pass:secret`, `file:path`, `env:VAR`, `stdin`).
-passin _arg_, -passout _arg_
Separate input / output password sources.
-legacy
Use legacy algorithms for compatibility with older software (OpenSSL 3+).
-clcerts
Output client certificates only (exclude CAs).
-info
Print information about the PKCS#12 file's structure.

FAQ

What is the openssl-pkcs12 command used for?

openssl pkcs12 creates and parses PKCS#12 files (.p12, .pfx). These files bundle private keys, certificates, and CA chains into a single encrypted file. Commonly used for importing/exporting certificates in browsers and applications.

How do I run a basic openssl-pkcs12 example?

Run `openssl pkcs12 -export -out [certificate.p12] -inkey [private.key] -in [certificate.crt]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -export do in openssl-pkcs12?

Create PKCS12 file.