Steps to generate self-signed PKCS#12 SSL certificate and export its keys:
- Generate Private Key From P12 File
- Openssl Private Key From P12
- Public Private Key Encryption
- Openssl Generate Private Key From P12 10
1- Create PKCS#12 keystore (.p12 or .pfx file)
![Openssl generate p12 Openssl generate p12](/uploads/1/2/6/0/126066633/171398687.png)
Aug 05, 2019 Open a command prompt, change the directory to your folder with the configuration file and generate the private key for the certificate: openssl genrsa -out testCA.key 2048. This will create a file named testCA.key that contains the private key. This will be used with the next command to generate your root certificate. In my last post, I explained how to create a self-signed SSL certificate.You can go to the previous article and generate the certificate and private key as we'll be needing it for creating a.
myKeystore.p12
= keystore filename. It can with .pfx extension as well.MY_PASSWORD
= password used for the keystore and the private key as well.CN
= commonName, it will be shown as certiciate name in certificates list.OU
= organizationUnit, department name for example.O
= organizationName, the company name.L
= localityName, the city.S
= stateName, the state.C
= country, the 2-letter code of the country.
Generate Private Key From P12 File
Note: This step can be done using openssl but it's more complicated.
![Private key bitcoin Private key bitcoin](/uploads/1/2/6/0/126066633/443296032.png)
2- Create the public certificate (has the header
-----BEGIN CERTIFICATE-----
):Openssl Private Key From P12
Using
keytool
:Or using
openssl
:Note: Import public-certificate.pem into browsers to trust it. Add it to 'Trusted Root Certification Authorities' certificate store.
Public Private Key Encryption
3- Export the private key (has the header
-----BEGIN PRIVATE KEY-----
):Openssl Generate Private Key From P12 10
4- Export the public key from the private key (has the header
-----BEGIN PUBLIC KEY-----
):