I'm trying to understand the difference between these two commands:
openssl pkcs12 -in my-certificate.pfx -out my-certificate.pem -cacerts
openssl pkcs12 -in my-certificate.pfx -out my-certificate.pem -clcerts
My understanding is that -cacerts will just contain the root certificate while -clcerts will include the complete certificate chain. Is this correct?
I want to be able to extract the complete certificate chain from the pfx file, and I'm not sure if this is the right way to do it.
Thanks.
According to the documentation:
-clcerts only output client certificates (not CA certificates).
-cacerts only output CA certificates (not client certificates).
https://www.openssl.org/docs/man1.0.2/man1/pkcs12.html
To extract the complete certificate chain from the pfx file, use:
openssl pkcs12 -in my-certificate.pfx -chain -nokeys -out my-certificate.pem
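To see the three selections side by side, the following added example (not part of the original answer) builds a throwaway root, intermediate and leaf, bundles them into a PFX, and counts the certificates each parse emits. All subjects, file names and the password are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo data: subjects, file names and password are made up.
PW=pass:constructed-demo

# Build root -> intermediate -> leaf and bundle them into $1/demo.pfx.
build_demo_pfx() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    for n in intermediate leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    done
    openssl x509 -req -days 1 -set_serial 2 -in "$d/intermediate.csr" \
        -CA "$d/root.pem" -CAkey "$d/root.key" \
        -out "$d/intermediate.pem" 2>/dev/null
    openssl x509 -req -days 1 -set_serial 3 -in "$d/leaf.csr" \
        -CA "$d/intermediate.pem" -CAkey "$d/intermediate.key" \
        -out "$d/leaf.pem" 2>/dev/null
    cat "$d/intermediate.pem" "$d/root.pem" > "$d/chain.pem"
    # The leaf goes in with its key; the other two are added via -certfile.
    openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.pem" \
        -certfile "$d/chain.pem" -passout "$PW" -out "$d/demo.pfx"
}

# Print how many certificates a parse emits: count_certs <pfx> [options...]
# -nokeys keeps the private key out of the output in every case.
count_certs() {
    pfx=$1; shift
    openssl pkcs12 -in "$pfx" -passin "$PW" -nokeys "$@" 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE'
}

d=$(mktemp -d)
build_demo_pfx "$d"
echo "-clcerts: $(count_certs "$d/demo.pfx" -clcerts)"   # leaf only
echo "-cacerts: $(count_certs "$d/demo.pfx" -cacerts)"   # intermediate + root
echo "neither:  $(count_certs "$d/demo.pfx")"            # everything in the file
rm -rf "$d"
```

A parse can only output certificates that were stored in the PFX at export time, so a bundle exported without its intermediates will not yield a full chain with any of these options.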