Do you of some reason need to convert a P12 certificate to a P8 certificate?
This is how you can do that.
Step 1.
openssl pkcs12 -in certificate.p12 -out certificate.pem -clcerts -nokeysStep 2
openssl pkcs12 -in certificate.p12 -out key.pem -nocerts -nodesStep 3
openssl pkcs8 -topk8 -inform PEM -outform PEM -in in.key -out out.pkcs8 -v1 PBE-MD5-DESAre you in need of PFX file, or as some people will say a P12 (pkcs12).
What do you need to do to perform this convert?
First off you need Openssl. Then you need crt file and the key file.
After that is just run this command below to convert to PFX with OpenSSL
openssl pkcs12 -export -out application-company-domain.pfx -inkey application-company-domain.key -in application-company-domain.crt
If you are not sure about the password to the key file, to test the key is valid with a password you have, try this command.
openssl rsa -in application-company-domain.key
There you have some other post about OpenSSL
Start cmd as admin
Then navigate and start OpenSSL
After started OpenSSL have key and CRT file in the same folder
Run this command:
pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
Create Pfx12 file
You need a cer file do this
pkcs12 -export -out C:\OpenSSL\bin\star-domain-com.pfx -inkey C:\OpenSSL\bin\star-domain-se.key -in C:\OpenSSL\bin\star-domain-com.cer
What is in the SSL certificate?
An SSL Certificate contains your Distinguished Name information to help establish trust online. Extended Validation SSL Certificates display the information near the address bar in high-security browsers
Don’t forget to check out how if you not sure
how to get started or create CSR file.
How to create a CNF file
——————Copy under this line to a cnf file——————
[req]
req_extensions
= v3_req
distinguished_name = req_distinguished_name
[req_distinguished_name]
countryName = EN
stateOrProvinceName = CITY
localityName = CITY-AREA
organizationalUnitName = Company name
commonName = something.domain.com
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = dns1.domain.com
DNS.2 = dns2.domain.com
——————Copy above this line to a cnf file——————
Save the information in to cnf file place it same place ass openssl file
In this exemple its named:something-domain-com.cnf
Command to run in opensll
req -new -newkey rsa:2048 -nodes -keyout something-domain-com.key -out something-domain-com.csr -config something-domain-com.cnf
Check your CRS file looks good at CSR Decoder
Download OpenSSL
Click on C:\openssl\bin\openssl.exe (if you run it in Windows)
(you might want you to copy openssl.cnf from c:\openssl\bin to c:\openssl)
run this command: req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
example: req –new newkey rsa:2048 –nodes –keyout star-something-domain-com.key –out star-something-domain-com.csr
Note you can do this over if something goes wrong, it’s just a local file so far
. = blank
Next step for example Godaddy wants the CSR code so
Open CSR file with notepad och copy it and paste it on the homepage
Don’t forget to read about how to create CNF file to make it easier to create CRS files.
Check your CRS file looks good at CSR Decoder
