Last modified: Sep 10, 2008 by Calas

Convert a certificate from PKCS12/PEM to PEM/PKCS12 format


 1. Conversion from PKCS12 to PEM
 2. Check (and change) file modes
 3. Read the content of a certificate
 4. Conversion from PEM to PKCS12

1. Conversion from PKCS12 to PEM

To get the private key in the file ~user/.globus/userkey.pem:
> openssl pkcs12  -nocerts -in cert.p12 -out ~user/.globus/userkey.pem
To get the certificate in the file ~user/.globus/usercert.pem:
> openssl pkcs12 -clcerts  -nokeys -in cert.p12 -out ~user/.globus/usercert.pem

2. Check (and change) file modes

chmod 0600 userkey.pem
chmod 0644 usercert.pem

3. Read the content of a certificate

Use te openssl command to read the content of a certificate:
> openssl x509 -text -noout -in usercert.pem

4. Conversion from PEM to PKCS12

If the certificate can be found in usercert.pem and if the private key can be found in userkey.pem, it is possible to generate a PKCS12 file named certif.p12 from these two files using the following command:
> openssl pkcs12 -export -out certif.p12 -inkey userkey.pem -in usercert.pem