On Fri, Feb 13, 2015, Sean Leonard wrote: > Using the openssl pkcs12 -export command, how can one specify a > different friendlyName attribute for the private key? > > For example, consider the command: > openssl pkcs12 -export -out pkcs12.p12 -name "sean key 2015" -inkey > key.txt -in user.crt -name "sean user cert 2015" -certfile > othercerts.txt > I'm curious as to why you want to do this. If no friendlyname is specified on the command line an "alias" associated with the certificate is used instead. You can associate an alias with a certificate like this: openssl x509 -in cert.pem -setalias "some name" -out newcert.pem Unfortunately the -name option specified on the command line will also be used even if there is an alias present. You can change this by looking in crypto/pkcs12/p12_crt.c in the function PKCS12_create. Comment out the following lines: if (name && !PKCS12_add_friendlyname(bag, name, -1)) goto err; Then you can specify the certificate friendlyname using the alias and the private key friendly name using the command line -name option. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org