I'm trying to create a .p12 file that does not contain a valid identity (public key / private key pair) in order to test my app's certificate import functionality. Is it possible to do this with the openssl tool?
I've tried
openssl pkcs12 -in client-certonly.pem -export -out client-certonly.p12
but I get an error:
unable to load private key
471:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-50/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY
If it isn't possible to do this with openssl, is there another tool I can use?
pfx is always bundled with a private key. Most of the Certificate Authorities will not issue certificates with the private key.
The .p12 contains both the private and the public key, and also information about the owner (name, email address, etc.) all being certified by a third party. With such certificate, a user can identify himself and authenticate himself to any organization trusting the third party.
Run the DigiCert® Certificate Utility for Windows (double-click DigiCertUtil). In the Certificate Export wizard, select Yes, export the private key, select pfx file, and then check Include all certificates in the certification path if possible, and finally, click Next. A .pfx file uses the same format as a .
There is a very handy GUI tool written in Java called Portecle which you can use for creation of an empty PKCS#12 keystore and also for an import of the certificate without the private key into the PKCS#12 keystore - this functionality is available under the "Import trusted certificate (Ctrl-T)" button.
However, if you insist on using OpenSSL you can use this command:
openssl pkcs12 -export -nokeys -in certificate.cer -out pkcs12.pfx
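An added example, not part of the original answer: a shell script that applies the -nokeys command above to a throwaway self-signed certificate and then checks that the resulting .p12 holds one certificate and no private key, which is the fixture the question needs for testing an import path. The file names, the subject CN and the password "changeit" are constructed test values.

```shell
#!/bin/sh
# Build a certificate-only PKCS#12 file and inspect what it contains.
# All names and the password are constructed test values.

make_certonly_p12() {
    dir=$1; pass=$2
    # Throwaway self-signed certificate. A key is generated only because
    # `req -x509` needs one to sign with; it is never placed in the .p12.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=certonly-test" \
        -keyout "$dir/throwaway-key.pem" -out "$dir/certificate.pem" 2>/dev/null
    # -nokeys tells pkcs12 not to look for a private key in the input,
    # which avoids the "unable to load private key" error.
    openssl pkcs12 -export -nokeys -in "$dir/certificate.pem" \
        -out "$dir/certonly.p12" -passout "pass:$pass"
}

# Number of certificates stored in the PKCS#12 file.
count_certs() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true
}

# Number of private keys stored in the PKCS#12 file (expected: none).
count_keys() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -c 'PRIVATE KEY' || true
}

workdir=$(mktemp -d)
make_certonly_p12 "$workdir" changeit
echo "certificates: $(count_certs "$workdir/certonly.p12" changeit)"
echo "private keys: $(count_keys "$workdir/certonly.p12" changeit)"
rm -rf "$workdir"
```
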