Can anyone tell me the correct way/command to extract/convert the certificate .crt file from a .p12 file? After I searched. I found the way how to convert .pem to .crt. but not found .p12 to .crt.
Asked
Active
Viewed 8.2k times
2 Answers
40
Try with given command
openssl pkcs12 -in filename.p12 -clcerts -nokeys -out filename.crt
Mesar ali
- 1,832
- 2
- 16
- 18
10
You tagged 'keytool'. If you mean Java keytool, which is not the only one, it can do this:
keytool -keystore in.p12 -storetype pkcs12 -exportcert -file out.crt -rfc -alias $name
# for java9 up omit -storetype pkcs12 -- it's now default
# -rfc gives PEM form; omit for DER form
# can omit -alias $name if 'friendlyname' is mykey --
# but that's likely only for stores created _with_ keytool
# because other tools and users mostly don't use that name
(but personally I'd use openssl as in crack_it's answer).
Cephalopod
- 14,632
- 7
- 51
- 70
dave_thompson_085
- 34,712
- 6
- 50
- 70
-
_Why_ would you use openssl instead of Java keytool? It's a far more common tool on the windows side. And how can you export the .key file from the .p12 using java keytool? – duct_tape_coder Jun 27 '19 at 15:58
-
@duct_tape_coder: I'm not quite clear which you say is common, but I've not seen Java preinstalled on any Windows since 98, or OpenSSL ever. And IME many enterprise environments (business, government, etc) prohibit Java on client machines because it was a nearly continous source of security vulnerabilities and breaches for 20 years (although conversely some _require_ it for inhouse apps), while I've never seen a specific ban on OpenSSL (though it is covered by any blanket ban). Anyway, `keytool` cannot export privatekeys; this Q is only for the cert, which is why I gave this answer. – dave_thompson_085 Jun 28 '19 at 15:41