PKI Certificate Tutorials - Herong's Tutorial Examples

∟PKCS12 Certificate Bundle File

This chapter provides a quick introduction of the PKCS12 certificate bundle file. Topics include introduction of PKCS12 file format; creating a PKCS12 bundle with 'openssl' and 'keytool'; converting PKCS12 bundle to PEM bundle.

What Is PKCS12 File Format

"openssl pkcs12 -export" - Certificate and Key Bundle

"openssl pkcs12 -export" - Certificate Chain and Key Bundle

"openssl pkcs12 -export" - 3-Level Certificate Chain and Key Bundle

"openssl pkcs12 -export" - Limitations and Errors

"keytool -genkeypair" - Certificate and Key Bundle

"keytool -importcert" - Certificate-Only Bundle

"keytool -storetype pkcs12" - Limitations and Errors

ASN.1 Data Structure of PKCS12 File

Takeaways:

• A PKCS12 bundle file can store multiple cryptography objects, including private/public keys and certificates.
• "openssl pkcs12 -export" command can be used to build a PKCS12 file with a given key pair and a given matching certificate.
• "openssl pkcs12 -export" command can be used to build a PKCS12 file with a given key pair, matching certificate, and any additional certificates.
• "openssl pkcs12" command can be used to convert a PKCS12 bundle into a PEM bundle.
• "keytool -genkeypair" command can be used to build a PKCS12 file with an internally generated key pair and and a self-signed certificate.
• "keytool -importcert" command can be used to store any certificates into a PKCS12 bundle.
• Commonly used file extensions for PKCS12 bundles are *.p12, *.pfx, and *.jks.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of PKI Certificate

 PKI Certificate File Formats

 OpenSSL - Cryptography Toolkit

 "openssl ca" - CA (Certificate Authority) Tool

 Java "keytool" Commands and KeyStore Files

 PKI Certificate Store

►PKCS12 Certificate Bundle File

 PKCS7 Certificate Chain File

 Linux Trust Store for CA Certificates

 ca-certificates - Linux CA Certificate Package

 update-ca-trust Command on Red Hat Computers

 PKI Certificate Related Terminology

 References

 Full Version in PDF/EPUB

PKCS12 Certificate Bundle File - Updated in 2026, by Herong Yang