Creating a p12 file

Question

Using openssl  I ve created a private key as follows   openssl genrsa -out myKey pem   Then  to generate the csr demanded by the CA  I ve executed the following   openssl req -new -key myKey pem -out cert csr   The CA responded with a certificate which I stored in a file named myCert cer  I d now like to bundle the necessary components  private key  public key    and certificate  into a single  p12  To do so I ve run the following   openssl pkcs12 -export -out keyStore p12 -inkey myKey pem -in myCert cer   but I m getting the following error message   No certificate matches private key   How can I accomplish this

User · Accepted Answer

The openssl documentation says that file supplied as the -in argument must be in PEM format   Turns out that  contrary to the CA s manual  the certificate returned by the CA which I stored in myCert cer is not PEM format rather it is PKCS7   In order to create my  p12  I had to first convert the certificate to PEM   openssl pkcs7 -in myCert cer -print certs -out certs pem   and then execute  openssl pkcs12 -export -out keyStore p12 -inkey myKey pem -in certs pem

User · Answer

I m debugging an issue I m having with SSL connecting to a database  MySQL RDS  using an ORM called  Prisma  The database connection string requires a PKCS12   p12  file  if interested  described here   which brought me here  I know the question has been answered  but I found the following steps  in Github Issue 2676  to be helpful for creating a  p12 file and wanted to share  Good luck   Generate 2048-bit RSA private key  openssl genrsa -out key pem 2048  Generate a Certificate Signing Request  openssl req -new -sha256 -key key pem -out csr csr  Generate a self-signed x509 certificate suitable for use on web servers  openssl req -x509 -sha256 -days 365 -key key pem -in csr csr -out certificate pem  Create SSL identity file in PKCS12 as mentioned here openssl pkcs12 -export -out client-identity p12 -inkey key pem -in certificate pem

[openssl] Creating a .p12 file

Examples related to openssl

Examples related to certificate

Examples related to pkcs#12