I need to export a .pfx format certificate (from windows mmc) to .p12 to use in another application. I cant find a way to do this. Can anyone suggest a method?
7 Answers
.p12 and .pfx are both PKCS #12 files. Am I missing something?
Have you tried renaming the exported .pfx file to have a .p12 extension?
I had trouble with a .pfx file with openconnect. Renaming didn't solve the problem. I used keytool to convert it to .p12 and it worked.
keytool -importkeystore -destkeystore new.p12 -deststoretype pkcs12 -srckeystore original.pfx In my case the password for the new file (new.p12) had to be the same as the password for the .pfx file.
4If you are looking for a quick and manual process with UI. I always use Mozilla Firefox to convert from PFX to P12. First import the certificate into the Firefox browser (Options > Privacy & Security > View Certificates... > Import...). Once installed, perform the export to create the P12 file by choosing the certificate name from the Certificate Manager and then click Backup... and enter the file name and then enter the password.
This is more of a continuation of jglouie's response.
If you are using openssl to convert the PKCS#12 certificate to public/private PEM keys, there is no need to rename the file. Assuming the file is called cert.pfx, the following three commands will create a public pem key and an encrypted private pem key:
openssl pkcs12 -in cert.pfx -out cert.pem -nodes -nokeys openssl pkcs12 -in cert.pfx -out cert_key.pem -nodes -nocerts openssl rsa -in cert_key.pem -out cert_key.pem -des3 The first two commands may prompt for an import password. This will be a password that was provided with the PKCS#12 file.
The third command will let you specify the encryption passphrase for the certificate. This is what you will enter when using the certificate.
1Run this command to change .cert file to .p12:
openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt Where server.key is the server key and server.cert is a CA issue cert or a self sign cert file.
first We Have certificate.PFX file
Step1: (Extract Private Key)
openssl pkcs12 -in certificate.pfx -nocerts -out private.key -passin pass:123123 -passout pass:123123 Step2: (Create P12 file)
openssl pkcs12 -export -out ewallet.p12 -inkey private.key -in certificate.cer -passin pass:123123 -passout pass:123123 In my case, I wanted to import a .pfx exported from Entrust and import it into gpgsm. gpgsm did not like that PFX:
$ gpgsm --import name.pfx gpgsm: directory '/home/me/.gnupg' created gpgsm: keybox '/home/me/.gnupg/pubring.kbx' created gpgsm: data error at "pkcs5PBES2-params", offset 134 gpgsm: error at "bag-sequence", offset 49 gpgsm: error parsing or decrypting the PKCS#12 file gpgsm: total number processed: 0 Paul Chan's answer above worked (using Firefox), but I wanted a command line solution.
Inspired by the other answers, I simply tried roundtripping it using openssl pcks12, and it worked:
# Convert pfx to pem $ openssl pkcs12 -in name.pfx -out name.pem # Convert pem to p12 openssl pkcs12 -export -in name.pem -out name.p12 $ gpgsm --import name.p12 gpgsm: 2456 bytes of RC2 encrypted text # ... gpgsm: total number processed: 3 gpgsm: imported: 2 gpgsm: secret keys read: 1 gpgsm: secret keys imported: 1 2