How to create pkcs12 truststore using openssl

Question

I can export a Java truststore (JKS file with only certificates, no private key), using the keytool command to a p12 file:

keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -deststoretype PKCS12

However, I can't seem to figure out how I could create the same file using the 'openssl pkcs12' command. It allows you to pass in certificates, but every option I've tried requires the user to pass in the private key.

possible duplicate of [How can I create a .p12 file without a private key?](http://stackoverflow.com/questions/23935820/how-can-i-create-a-p12-file-without-a-private-key) — jariq, Aug 11 '14 at 18:20

score 20 · Answer 1 · answered Aug 11 '14 at 18:20

20

openssl pkcs12 -export -nokeys -in certificate.cer -out pkcs12.pfx

answered Aug 11 '14 at 18:20

jariq

11,681
3
33
52

How to create pkcs12 truststore using openssl

1 Answers1