0

I generated a private key using commend:

openssl genrsa -out privKey.pem

Now I want to export this key to file with extension .p12, so I used commend:

openssl pkcs12 -export -inkey privKey.pem -out key.p12 -name "MyPrivKey"

but when I try to run this commend via commend line, I have no results (it's running all time and doesn't stop), and when I open the file .p12 I have message: 

Could not display 'key.p12'
Reason: Unrecognized or unsupported data.

Can someone explain me, what I am doing wrong?

Rop
  • 217
  • 2
  • 12

2 Answers2

1

You need to generate an crt file too.

openssl req -x509 -nodes -newkey rsa:2048 -days 1825 -out cert.crt -keyout key.key

then

openssl pkcs12 -export -inkey key.key -in cert.crt -out export.p12

if you have a CA file will be

openssl pkcs12 -export -inkey key.key -in cert.crt -certfile ca.crt -out export.p12
Pavel Delgado
  • 99
  • 1
  • 10
  • Can you suggest how to do that when I want to have a 128 bits key? Because creating certificate for 128 bits privatekey return errors. – Rop Mar 17 '14 at 01:01
  • i think will be "openssl req -x509 -nodes -newkey rsa:1024 -days 1825 -out cert.crt -keyout key.key" or "openssl req -x509 -nodes -newkey rsa:128 -days 1825 -out cert.crt -keyout key.key" but i am not sure.. – Pavel Delgado Mar 17 '14 at 01:12
0

You need a certificate as well as your private key to convert it to PKCS#12. See the manual: https://www.openssl.org/docs/apps/pkcs12.html#FILE_CREATION_OPTIONS

TimWolla
  • 31,849
  • 8
  • 63
  • 96