Export a PKCS#12 file without an export password?

openssl command pkcs#12
F21 picture F21 · Dec 16, 2014 · Viewed 72.2k times · Source

I am generating exporting some pkcs#12 files for testing purposes. These files are not being used in production and only exist temporary during automated testing.

I am using the following command:

openssl pkcs12 -export -nodes -out bundle.pfx -inkey mykey.key -in certificate.crt -certfile ca-cert.crt

Why is it insisting on an export password when I have included -nodes?

My OpenSSL version is OpenSSL 1.0.1f 6 Jan 2014 on Ubuntu Server 14.10 64-bit.

Answer

F21 picture F21 · Dec 16, 2014

In interactive mode, when it prompts for a password, just press enter and there will be no password set.

If you are want to automate that (for example as an ansible command), use the -passout argument. It expects the parameter to be in the form pass:mypassword. Since we want no password:

openssl pkcs12 -export -nodes -out bundle.pfx -inkey mykey.key \
    -in certificate.crt -certfile ca-cert.crt \
    -passout pass:

Related questions

Converting PKCS#12 certificate into PEM using OpenSSL

I have OpenSSL x64 on Windows 7 which I downloaded from openssl-for-windows on Google Code. I'm attempting to run: openssl pkcs12 -export -in "path.p12" -out "newfile.pem" but I get an error. unable to load private key How do I …

Read More
Enter PEM pass phrase when converting PKCS#12 certificate into PEM

I am using OpenSSL to convert my "me.p12" to PEM. When I generate "me.p12", I set a password for it. The "me.p12" contains a private key and a certificate. When I convert it to PEM, I run …

Read More
How to create a self-signed certificate with OpenSSL

I'm adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps: openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out …

Read More