PKCS #12
Filename extension
Internet media type
Uniform Type Identifier (UTI)0
Developed by: RSA Security
Initial release: 1996
Latest release
Type of format: Archive file format
Container for: X.509 public key certificates, X.509 private keys, X.509 CRLs, generic data
Extended from: Microsoft PFX file format

Sometimes you might want to convert your .p12 certificate file (Personal Information Exchange) into a .pem file, so that it can be used in grid computing environments or even in a Netscaler gateway. This tutorial will explain how to convert a PFX file to PEM using the Win32 OpenSSL utility on the Windows operating system.

Nov 20, 2018: Converting a p12 certificate to a pem certificate. Why can it be converted? This is the important part: a p12 contains a certificate and a private key, and a pem can also contain a certificate and a private key, so only the format differs (p12 is binary, pem is ASCII); in essence they are the same.

In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.

A PKCS #12 file may be encrypted and signed. The internal storage containers, called 'SafeBags', may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at individual implementer's choice.[1][2]

PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories.

The filename extension for PKCS #12 files is .p12 or .pfx.[3]

These files can be created, parsed and read out with the OpenSSL pkcs12 command.[4]

Relationship to PFX file format

PKCS #12 is the successor to Microsoft's 'PFX';[5] however, the terms 'PKCS #12 file' and 'PFX file' are sometimes used interchangeably.[3][4][6]

The PFX format has been criticised for being one of the most complex cryptographic protocols.[6]

Normal usage

The full PKCS #12 standard is very complex. It enables buckets of complex objects such as PKCS #8 structures, nested deeply. But in practice it is normally used to store just one private key and its associated certificate chain.

PKCS #12 files are usually created using OpenSSL, which only supports a single private key from the command line interface. The Java keytool can be used to create multiple 'entries' since Java 8, but that may be incompatible with many other systems. As of Java 9, PKCS #12 is the default keystore format.[7][8]

A simpler alternative to PKCS #12 is PEM, which just lists the certificates and possibly private keys as Base64 strings in a text file.

GnuTLS's certtool may also be used to create PKCS #12 files including certificates, keys, and CA certificates via --to-p12. However, beware that for interchangeability with other software, if the sources are in PEM Base64 text, then --outder should also be used.



  1. ^ 'PKCS #12: Personal Information Exchange Syntax Standard'. RSA Laboratories. Archived from the original on 2017-04-17. This standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc.
  2. ^ 'PKCS 12 v1.0: Personal Information Exchange Syntax' (PDF). RSA Laboratories. 1999-06-24. Retrieved 2020-01-16.
  3. ^ a b Michel I. Gallant (March 2004). 'PKCS #12 File Types: Portable Protected Keys in .NET'. Microsoft Corporation. Retrieved 2013-03-14. All Windows operating systems define the extensions .pfx and .p12 as Personal Information Exchange, or PKCS #12, file types.
  4. ^ a b 'openssl-cmds: pkcs12'. OpenSSL Project. 2019. Retrieved 2020-01-16. The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed.
  5. ^ Peter Gutmann (August 2002). 'Lessons Learned in Implementing and Deploying Crypto Software' (PDF). The USENIX Association. Retrieved 2020-01-16. In 1996 Microsoft introduced a new storage format [...] called PFX (Personal Information Exchange) [...] it was later re-released in a cleaned-up form as PKCS #12
  6. ^ a b Peter Gutmann (1998-03-12). 'PFX - How Not to Design a Crypto Protocol/Standard'. Retrieved 2020-01-16.
  7. ^ 'JEP 229: Create PKCS12 Keystores by Default'. OpenJDK JEPs. Oracle Corporation. 2014-05-30.
  8. ^ Ryan, Vincent (2014-05-30). 'Bug JDK-8044445: Create PKCS12 Keystores by Default'. JDK Bug System.

External links

  • RFC 7292 - PKCS #12: Personal Information Exchange Syntax v1.1
  • 'PKCS #12: Personal Information Exchange Syntax Standard'. RSA Laboratories. Archived from the original on 2017-04-17. This standard specifies a portable format for storing or transporting a user's private keys, certificates, miscellaneous secrets, etc.


  • Overview about PKCS#12 capabilities, usage, implementations, history and future: Ryan Hurst and Yury Strozhevsky (2015-12-02). 'The PKCS#12 standard needs another update'. Archived from the original on 2017-03-03.


You have a private key file in an OpenSSL format and have received your SSL certificate. You would now like to create a PKCS12 (or .pfx) file to import your certificate into other software?

Here is the procedure!

  • Find the private key file (xxx.key) (previously generated along with the CSR).
  • Download the .p7b file from your certificate status page ('See the certificate' button, then 'See the format in PKCS7 format', and click the link next to the diskette).
  • a) Convert this file into a text one (PEM):

    (On Windows, the OpenSSL command must contain the complete path, for example:
    c:\openssl-win32\bin\openssl.exe ...)

  • b) Now create the pkcs12 file that will contain your private key and the certification chain:

    You will be asked to define an encryption password for the archive (it is mandatory to be able to import the file in IIS). You may also be asked for the private key password if there is one!


You can now use the file final_result.p12 in any software that accepts pkcs12! For IIS, rename the file to .pfx; it will be easier.
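The procedure above as an added example (not part of the original page): it builds a throwaway key and self-signed certificate as constructed inputs, runs steps a) and b) with OpenSSL, and checks that the certificate in the archive matches the key. The names `certificate.p7b`, `chain.pem` and the `P12_PASS` variable are assumptions; `xxx.key` and `final_result.p12` follow the page.

```shell
#!/bin/sh
# Added example: steps a) and b) above, run on constructed throwaway inputs.
set -eu
umask 077   # the key, the PEM and the .p12 are created owner-readable only

# Constructed stand-ins for xxx.key and the downloaded .p7b (self-signed, 1 day).
make_sample_inputs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/xxx.key" -out "$1/sample.crt" 2>/dev/null
    openssl crl2pkcs7 -nocrl -certfile "$1/sample.crt" -out "$1/certificate.p7b"
}

# Step a): PKCS#7 bundle -> PEM text. A .p7b may be PEM or DER encoded,
# so try PEM (the openssl default) first and fall back to DER.
p7b_to_pem() {
    openssl pkcs7 -print_certs -in "$1" -out "$2" 2>/dev/null ||
        openssl pkcs7 -print_certs -inform DER -in "$1" -out "$2"
}

# Step b): private key + chain -> PKCS#12. The archive password is read from
# the P12_PASS environment variable instead of being typed on the command line.
make_p12() {
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:P12_PASS
}

# Check: the archive opens with the password and its certificate carries the
# same public key as the private key file.
verify_p12() {
    want=$(openssl pkey -in "$1" -pubout | openssl sha256)
    got=$(openssl pkcs12 -in "$2" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
          openssl x509 -pubkey -noout 2>/dev/null | openssl sha256)
    [ "$want" = "$got" ]
}

demo() {
    work=$(mktemp -d)
    export P12_PASS="constructed-demo-passphrase"   # sample value, not a real secret
    make_sample_inputs "$work"
    p7b_to_pem "$work/certificate.p7b" "$work/chain.pem"
    make_p12 "$work/xxx.key" "$work/chain.pem" "$work/final_result.p12"
    verify_p12 "$work/xxx.key" "$work/final_result.p12" && echo "final_result.p12 OK"
    rm -rf "$work"
}
demo
```

With real files, skip `make_sample_inputs` and pass your own key and .p7b paths; if the private key is itself encrypted, OpenSSL will prompt for its password during step b).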

Alternatively, if you want to generate a PKCS12 from a certificate file (cer/pem), a certificate chain (generally pem or txt), and your private key, you need to use the following command:


Last edited on 11/02/2018 10:04:53

© TBS INTERNET, all rights reserved. All reproduction, copy or mirroring prohibited.