|
It’s the
passwort which protects the p12 file. If you were given a ‘PIN’ for your
pfx file, try that. OpenSSL calls it ‘import
passwort’, because it is importing from p12 format and exporting to pem
format. Two remarks about those three commands: If you omit the
`-nodes` argument in the first command, OpenSSL will ask you for another passwort
to encrypt the private key, which I’d recommend if it’s an important key. The third command is only necessary, if you omitted `-nodes`
in the first step, because otherwise the key already is unencrypted and has no passphrase.
1.
Run the following command to export the private key:
2.
Run the following command to export the certificate:
3.
Run the following command to remove the passphrase from the private key: HTH, Matthias From:
openssl-users <openssl-users-bounces@xxxxxxxxxxx>
On Behalf Of Michael Leone I received a pfx file from one our techs. A pfx file is a cert and key, all in one binary file. He needs me to split it out into the cert and the key, so I can create a new request from that key, and then sign a new cert for him. (no, I don't know why he can't just create a new request. And I would revoke the old cert, except that I am unsure of the details he used in naming it, so I don't know what to revoke .. So I am stuck trying to see if I can help the guy,
by creating a new request from the private key, presuming I can extract the private key ...) Anyways, I found this set of commands
2.
Run the following command to export the private key:
3.
Run the following command to export the certificate:
4.
Run the following command to remove the passphrase from the private key: But I'm asked for an "Import password" .. $ sudo openssl pkcs12 -in requests/DCTRNPS001_cert.pfx -nocerts -out DCTRNPS001_key.pem -nodes And I have no idea what an "import" password is. It's not the password for the private key, so I don't know what it is. Pointers, anyone? --
|
