How to make PKCS12 (PKCS#12) contain more than one private key in .p12 container?

I used OpenSSL to create a PKCS12 .p12 container storing a private key, server certificate and a CA certificate (self-signed), and I was able to export/parse the same successfully.

But I want to know how I can add more than one private key to the same container. For example, I have 2 sets of server certificates and 2 private keys that I need to add to a single .p12 container. From that .p12 container I want to parse and extract both private keys separately, along with the 2 server certificates.

In this link, it is mentioned that it is possible to do so but there are no answers on how to achieve it.

How can I achieve this? How can I save private keys (PK1 and PK2) and server certs (C1, C2) into a .p12 and extract them using OpenSSL?

Olaolaf answered 17/8, 2018 at 3:46 Comment(3)
If you found the solution, please share; I am looking for the same thing you posted here. - Homopterous
I was not able to find the openssl command to achieve the above, but this can be achieved in Java, and below is my Java implementation for the same.

    import java.security.KeyStore;

    // One PKCS12 store, two key entries, each with its own certificate chain
    final KeyStore store = KeyStore.getInstance("PKCS12");
    store.load(null, null);  // start from an empty in-memory store
    store.setKeyEntry("alias1", serverPrivKey, null, chainOfCertificates1);
    store.setKeyEntry("alias2", clientPrivKey, null, chainOfCertificates2);
    store.store(fOut, "password".toCharArray());  // store() takes a char[] password
    store.load(null, null);

This exported a P12 with server and client certificates in the same P12 file. - Olaolaf
OpenSSL only supports a single key from the command line. See: en.wikipedia.org/wiki/…. PKCS12 format does support multiple keys; you just can't do it from the "openssl pkcs12" command line. Although not obvious, you can enter multiple certificates from the command line using the -certfile <certfile> option. The certfile can contain multiple certificates inside it. If you have each extra certificate in a single file, concatenate them. - Graciagracie

While you can use the OpenSSL utility directly, as mentioned in the comments to the original question, you might consider the Keystore Explorer GUI tool for maintaining multiple certificate/key pairs in a single PKCS12 store file.

The content of PKCS12 file with multiple items looks as follows: [screenshot of Keystore Explorer window]

Falkirk answered 16/7 at 16:2 Comment(0)
