28

Currently I have a .PEM file containing only a private key. I need to convert this file into a .PKCS12 file. Currently I'm trying to use openssl to achieve this and I'm running into some problems.

The .PEM file I'm using is of the form:

-----BEGIN RSA PRIVATE KEY-----

Some key

-----END RSA PRIVATE KEY-----

I use the following OpenSSL command to attempt to convert this .PEM file into a .PKCS12:

openssl pkcs12 -export -inkey file.pem -out file.p12

The console then hangs with the message:

Loading 'screen' into random state -done

What am I doing wrong?

Any help would be appreciated.

Pavel Zubkou
  • So far you've only accepted one answer to any of your questions, and that was your own answer! – President James K. Polk Jun 12 '12 at 11:46
  • The pkcs12 file typically contains a certificate chain plus the private key for the leaf certificate of the chain. In its simplest form it contains one self-signed certificate plus the associated private key. You need to create a certificate with your public key, and that certificate must contain the fields that your consuming application is expecting. – President James K. Polk Jun 12 '12 at 11:50

2 Answers

45

I ran into this problem and resolved it by adding the -nocerts option after export. My guess regarding the cause of the "freeze up" is that openssl is probably trying to read additional input from the console.

openssl pkcs12 -export -nocerts -inkey your.private.key.pem -out your.private.key.p12
Sliq
beaudet
  • @sliq.. could you please have a look at my question? http://stackoverflow.com/questions/41149979/pem-key-generation-format-encoding-errors – Joseph Wahba Dec 14 '16 at 21:08
8

I think you have to provide the certificate as well, not only the private key:

openssl pkcs12 -export -inkey privatekey.pem -in certificate.cer -out bothAsPKCS12.p12
JoSSte
Romeo Kienzler
  • True. In my experience, `-in` (e.g. .cer/.crt) and `-inkey` (e.g. .key) must be provided. – aff Jan 26 '17 at 11:08
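
An added example, not part of either answer or of the question: a shell script that builds both containers discussed on this page (key only with `-nocerts`, and key plus a self-signed certificate) from a throwaway key, then inspects what each .p12 holds. The file names, the CN `example.test` and the password are constructed; passing the password with `env:` and redirecting stdin from `/dev/null` are choices made here so that no command waits on the console.

```shell
#!/bin/sh
# Added example. File names, CN and password below are constructed.
set -eu
export P12_PASS='constructed-demo-password'  # openssl reads it via env:, not argv

# Throwaway stand-in for the question's key-only file.pem.
make_key() { openssl genrsa -out "$1" 2048 2>/dev/null; }

# Key-only container (first answer): -nocerts exports without any certificate.
export_key_only() {    # $1 = key.pem  $2 = out.p12
  openssl pkcs12 -export -nocerts -inkey "$1" -out "$2" \
    -passout env:P12_PASS </dev/null
}

# Self-signed certificate for the key, then key + certificate (second answer).
export_with_cert() {   # $1 = key.pem  $2 = cert.pem (created)  $3 = out.p12
  openssl req -new -x509 -key "$1" -subj "/CN=example.test" -days 30 -out "$2"
  openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" \
    -passout env:P12_PASS </dev/null
}

# Number of certificates stored in a .p12.
count_certs() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE' || true
}

# Public half of the private key stored in a .p12, as PEM.
pubkey_of_p12() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
    openssl pkey -pubout
}

demo() {
  d=$(mktemp -d)
  make_key "$d/file.pem"
  export_key_only "$d/file.pem" "$d/keyonly.p12"
  export_with_cert "$d/file.pem" "$d/cert.pem" "$d/both.p12"
  echo "certificates in keyonly.p12: $(count_certs "$d/keyonly.p12")"
  echo "certificates in both.p12:    $(count_certs "$d/both.p12")"
  rm -rf "$d"
}
demo
```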