Menu
You can view the contents of a p12 key by installing OpenSSL, an open-source cryptography toolkit, and entering the command openssl pkcs12 -info -nodes -in yourfilename. p12 at your PC's command line.
You can check the expiration of the certificate (for example to help troubleshoot certificate issues). Open a UNIX command line window. Enter a query openssl s_client -servername <NAME> -connect <HOST:PORT> 2>/dev/null | openssl x509 -noout -dates .
You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command:
openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes
Then, you can extract the expiration date from the certificate in the .pem file using the following command:
cat certificate.pem | openssl x509 -noout -enddate
You can make the first answer a one-liner without using the intermediate file:
openssl pkcs12 -in certificate.p12 -nodes | openssl x509 -noout -enddate
Extract the client certificate from the pkcs12 file and print its end date:
openssl pkcs12 -in certificate.p12 -clcerts -nodes | openssl x509 -noout -enddate
If you do not include the -clcerts option you may get the end date from a CA certificate instead of from your own certificate. Several CA certificates are usually included within the file as part of the chain of trust.
Here's how you do it on Windows:
certutil -dump "file.pfx"
P.S. I know the question specifically mentions Mac, this is just in case Google sends you here (like it sent me).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With