openssl: Generate a pkcs12 with 2 certificates

Question

I need to build a PKCS12 file (.p12) including 2 certificats, one auto-signed CA and another one which was signed by this CA.

I was trying to build it with OpenSSL but i get nothing.

Thank you

Answer 1

PKCS12 format is commonly used to archive a private key with X.509 certificates. So you must have those key or certificates in advance.

Suppose you already have an auto-signed CA cerificicate(X.509 format) named ca.crt and a user's certificate(X.509 format) named user.crt which is signed by the CA. Also, you have the user's private key named user.key

Use following command to produce a pkcs12 file:

openssl pkcs12 -export -out user.p12 -inkey user.key -in user.crt -certfile ca.crt

Other available arguments:

-name：the file's name; shown when someone imports the pkcs12 file

Answer 2

Please refer the documentation of OpenSSL PKCS12 here.

Under file creation, see -CAfile option.

I think you need to use this option.