Enter PEM pass phrase when converting PKCS#12 certificate into PEM

openssl command pem pkcs#12
Leem.fin picture Leem.fin · Nov 3, 2016 · Viewed 25.4k times · Source

I am using OpenSSL to convert my "me.p12" to PEM. When I generate "me.p12", I set a password for it. The "me.p12" contains a private key and a certificate.

When I convert it to PEM, I run command:

openssl pkcs12 -in me.p12 -out me.pem

Then, it asked me for Import Password:

Enter Import Password:
MAC verified OK

I entered the password I set to "me.p12", it was verified OK. But next, it ask me:

Enter PEM pass phrase:

I have no idea what is that? When I generate "me.p12" I haven't set any other password. So, what is that? How to figure this out?

Answer

dsbajna picture dsbajna · Feb 16, 2019

"Enter PEM pass phrase" because openssl doesn't want to output private key in clear text. The password is used to output encrypted private key

Below command can be used to output private key in clear text. No password is then asked.

openssl pkcs12 -nodes -in me.p12 -out me.pem

Related questions

Converting PKCS#12 certificate into PEM using OpenSSL

I have OpenSSL x64 on Windows 7 which I downloaded from openssl-for-windows on Google Code. I'm attempting to run: openssl pkcs12 -export -in "path.p12" -out "newfile.pem" but I get an error. unable to load private key How do I …

Read More
Export a PKCS#12 file without an export password?

I am generating exporting some pkcs#12 files for testing purposes. These files are not being used in production and only exist temporary during automated testing. I am using the following command: openssl pkcs12 -export -nodes -out bundle.pfx -inkey mykey.…

Read More
How to create a self-signed certificate with OpenSSL

I'm adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps: openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out …

Read More