How to create pkcs12 truststore using openssl

openssl keystore keytool pkcs#12
Matt Hughes picture Matt Hughes · Aug 11, 2014 · Viewed 13.9k times · Source

I can export a Java truststore (JKS file with only certificates, no private key), using the keytool command to a p12 file:

keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -deststoretype PKCS12

However, I can't seem to figure out how I could create the same file using the 'openssl pkcs12' command. It allows you to pass in certificates, but every option I've tried requires the user to pass in the private key.

Answer

jariq picture jariq · Aug 11, 2014

openssl pkcs12 -export -nokeys -in certificate.cer -out pkcs12.pfx

Related questions

How to add certificate chain to keystore?

I have file with chain of certificates - certificate.cer: subject=/C... issuer=/C=US/O=VeriSign, Inc... -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=/C=US/O=VeriSign, Inc... issuer=/C=US/O=VeriSign, Inc... -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- subject=/C=…

Read More
Convert CA-signed JKS keystore to PEM

I have a JKS keystore with certicate signed by CA. I need to export it in PEM format in order to use it with nginx. I need to do it in such a way that it includes the whole chain, …

Read More
Not able to load P7B file into keystore file

I received a new certificate in crt / cert format. When I open this file in a text editor they added the complete certificate chain to this file. Each certificate starts with: -----BEGIN CERTIFICATE----- And ends with: -----END CERTIFICATE----- There are …

Read More