I would like to generate a P12 certificate from a .key and .pem. I'm running this command and get prompted to enter a export password:
pkcs12 -export -inkey private-key.key -in developer_identity.pem -out iphone_dev.p12
I can't enter a password at this point, it seems that the keyboard input is not recognized.
What do I miss? (I'm new to the Command Line tool and openSSL)
This question is related to
command-line
passwords
openssl
The selected answer apparently does not work anymore in 2019 (at least for me).
I was trying to export a certificate using openssl (version 1.1.0) and the parameter -password
doesn't work.
According to that link in the original answer (the same info is in man openssl
), openssl has two parameter for passwords and they are -passin
for the input parts and -passout
for output files.
For the -export
command, I used -passin
for the password of my key file and -passout
to create a new password for my P12 file.
So the complete command without any prompt was like below:
openssl pkcs12 -export -in /tmp/MyCert.crt -inkey /tmp/MyKey.key -out /tmp/MyP12.p12 -name alias -passin pass:keypassphrase -passout pass:certificatepassword
If you does not want a password, you can use pass:
like below:
openssl pkcs12 -export -in /tmp/MyCert.crt -inkey /tmp/MyKey.key -out /tmp/MyP12.p12 -name alias -passin pass: -passout pass:
It will works fine with a key without password and the output certificate will be created without password too.
I know this thread has been idle for a while, but I just wanted to add my two cents to supplement jariq's comment...
Per manual, you don't necessary want to use -password
option.
Let's say mykey.key
has a password and your want to protect iphone-dev.p12
with another password, this is what you'd use:
pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12 -passin pass:password_for_mykey -passout pass:password_for_iphone_dev
Have fun scripting!!
MacOS High Sierra is very crazy to update openssl command suddenly.
Possible in last month:
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts
MAC verified OK
But now:
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts -password pass:
MAC verified OK
Source: Stackoverflow.com