How to create pkcs12 truststore using openssl

Matt Hughes picture Matt Hughes · Aug 11, 2014 · Viewed 13.9k times · Source

I can export a Java truststore (JKS file with only certificates, no private key), using the keytool command to a p12 file:

keytool -importkeystore -srckeystore truststore.jks -destkeystore truststore.p12 -deststoretype PKCS12

However, I can't seem to figure out how I could create the same file using the 'openssl pkcs12' command. It allows you to pass in certificates, but every option I've tried requires the user to pass in the private key.

Answer

jariq picture jariq · Aug 11, 2014

openssl pkcs12 -export -nokeys -in certificate.cer -out pkcs12.pfx