Collectives™ on Stack Overflow
Find centralized, trusted content and collaborate around the technologies you use most.
Learn more about Collectives
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Learn more about Teams
I would like to generate a P12 certificate from a .key and .pem.
I'm running this command and get prompted to enter a export password:
pkcs12 -export -inkey private-key.key -in developer_identity.pem -out iphone_dev.p12
I can't enter a password at this point, it seems that the keyboard input is not recognized.
What do I miss? (I'm new to the Command Line tool and openSSL)
OpenSSL command line app does not display any characters when you are entering your password. Just type it then press enter and you will see that it is working.
You can also use openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12 -password pass:YourPassword to pass the password YourPassword from command line. Please take a look at section Pass Phrase Options in OpenSSL manual for more information.
–
–
–
I know this thread has been idle for a while, but I just wanted to add my two cents to supplement jariq's comment...
Per manual, you don't necessary want to use -password option.
Let's say mykey.key has a password and your want to protect iphone-dev.p12 with another password, this is what you'd use:
pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12 -passin pass:password_for_mykey -passout pass:password_for_iphone_dev
Have fun scripting!!
The selected answer apparently does not work anymore in 2019 (at least for me).
I was trying to export a certificate using openssl (version 1.1.0) and the parameter -password doesn't work.
According to that link in the original answer (the same info is in man openssl), openssl has two parameter for passwords and they are -passin for the input parts and -passout for output files.
For the -export command, I used -passin for the password of my key file and -passout to create a new password for my P12 file.
So the complete command without any prompt was like below:
openssl pkcs12 -export -in /tmp/MyCert.crt -inkey /tmp/MyKey.key -out /tmp/MyP12.p12 -name alias -passin pass:keypassphrase -passout pass:certificatepassword
If you does not want a password, you can use pass: like below:
openssl pkcs12 -export -in /tmp/MyCert.crt -inkey /tmp/MyKey.key -out /tmp/MyP12.p12 -name alias -passin pass: -passout pass:
It will works fine with a key without password and the output certificate will be created without password too.
MacOS High Sierra is very crazy to update openssl command suddenly.
Possible in last month:
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts
MAC verified OK
But now:
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts -password pass:
MAC verified OK
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
