Wednesday, March 28, 2012 12:00:58 PM
openssl pkcs12 -export -in ecls.crt -inkey ecls.key -out ecls.p12 -name ecls -noiter -nomaciter
however WAS doesn't understand key store created with openssl - use ikeyman instead.
2. convert certificate from PEM to DER encoding
openssl x509 -in ecls.pem -inform PEM -out ecls.der -outform DER
3. list private keys in PKCS#12 key store
openssl pkcs12 -in ecls.p12 -nocerts -nodes
to view key store contents you're required to enter password.
4. create self-signed certificate
opr7.key - my private key
opr7.csr - my CSR
opr7.crt - my certificate
opr7.p12 - my PKCS#12 store
- generate private key
openssl genrsa -des3 -out certs/opr7.key 1024
openssl genrsa -out certs/opr7.key 1024
- create CSR (you can omit subj paramater and input DN information in interactive mode):
openssl req -new -key certs/opr7.key -out certs/opr7.csr -subj "/C=RU/ST=Tula/O=My Organization/CN=opr7.ecls.org"
- create self-signed certificate:
openssl x509 -req -days 365 -in certs/opr7.csr -signkey certs/opr7.key -out certs/opr7.crt
- create PKCS#12 store (you'll be prompted to enter password for PKCS#12 store):
openssl pkcs12 -export -in certs/opr7.crt -inkey certs/opr7.key -out certs/opr7.p12 -name "My Name"