
I used OpenSSL to create a PKCS12 .p12 container storing a private key, a server certificate and a CA certificate (self-signed), and I was able to export/parse the same successfully.

But I want to know how I can add more than one private key to the same container. For example, I have 2 sets of server certificates and 2 private keys that I need to add to the single .p12 container. From that .p12 container I want to parse and extract both private keys separately along with the 2 server certificates.

In this link, it is mentioned that it is possible to do so but there are no answers on how to achieve it.

How can I achieve this? How can I save private keys (PK1 and PK2) and server certs (C1, C2) into a .p12 and extract them using OpenSSL?

President James K. Polk
Arun kumar R
  • If you found the solution, please share; I am looking for the same thing you posted here – usman mehmood Jul 14 '20 at 16:29
  • I was not able to find the openssl command to achieve the above, but this can be achieved in Java, and below is my Java implementation for the same. final KeyStore store = KeyStore.getInstance("PKCS12"); store.load(null, null); store.setKeyEntry("alias1", serverPrivKey, null, chainOfCertificates1); store.setKeyEntry("alias2", clientPrivKey, null, chainOfCertificates2); store.store(fOut, "password".toCharArray()); store.load(null, null); This exported a P12 with server and client certificates in the same P12 file. – Arun kumar R Aug 24 '20 at 07:56
  • OpenSSL only supports a single key from the command line. See: https://en.wikipedia.org/wiki/PKCS_12#:~:text=In%20cryptography%2C%20PKCS%20%2312%20defines%20an%20archive%20file,PKCS%20%2312%20file%20may%20be%20encrypted%20and%20signed. The PKCS12 format does support multiple keys; you just can't do it from the "openssl pkcs12" command line. Although not obvious, you can enter multiple certificates from the command line using the -certfile option. The certfile can contain multiple certificates inside it. If you have each of your extra certificates in a single file, concatenate them. – Tom Rutchik Sep 19 '22 at 18:49
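
The Java KeyStore approach from the comments, written out as an added example (not code from the question or from either commenter): it merges two single-key .p12 files into one container and then reads both keys and their certificate chains back. The file names `server1.p12`, `server2.p12` and `combined.p12`, the alias prefixes and the `P12_PASSWORD` environment variable are assumptions, as is the premise that both input files were exported with that same password.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

public class MergeP12 {
    // Load an existing PKCS#12 file into an in-memory KeyStore.
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    // Copy each private-key entry (key plus its certificate chain) from src to dst.
    // Aliases are rewritten as prefix + counter so entries from two files cannot collide.
    static void copyKeys(KeyStore src, KeyStore dst, String prefix, char[] pw) throws Exception {
        int n = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isKeyEntry(alias)) continue;   // skip certificate-only entries
            Key key = src.getKey(alias, pw);
            Certificate[] chain = src.getCertificateChain(alias);
            // Same password for each key and for the store, as PKCS#12 tools expect.
            dst.setKeyEntry(prefix + (n++), key, pw, chain);
        }
    }

    public static void main(String[] args) throws Exception {
        String env = System.getenv("P12_PASSWORD");  // assumed variable name
        if (env == null) throw new IllegalStateException("P12_PASSWORD is not set");
        char[] pw = env.toCharArray();

        KeyStore merged = KeyStore.getInstance("PKCS12");
        merged.load(null, null);                      // start with an empty store
        copyKeys(load("server1.p12", pw), merged, "pk1-", pw);
        copyKeys(load("server2.p12", pw), merged, "pk2-", pw);
        try (FileOutputStream out = new FileOutputStream("combined.p12")) {
            merged.store(out, pw);
        }

        // Read the combined file back and list every key entry with its chain.
        KeyStore check = load("combined.p12", pw);
        for (String alias : Collections.list(check.aliases())) {
            if (!check.isKeyEntry(alias)) continue;
            Key key = check.getKey(alias, pw);
            Certificate[] chain = check.getCertificateChain(alias);
            System.out.printf("%s: %s key, %d certificate(s)%n", alias, key.getAlgorithm(), chain.length);
        }
    }
}
```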

0 Answers