PKI Certificate Tutorials - Herong's Tutorial Examples
∟PKCS12 Certificate Bundle File
This chapter provides a quick introduction of the PKCS12 certificate bundle file. Topics include introduction of PKCS12 file format; creating a PKCS12 bundle with 'openssl' and 'keytool'; converting PKCS12 bundle to PEM bundle.
What Is PKCS12 File Format
"openssl pkcs12 -export" - Certificate and Key Bundle
"openssl pkcs12 -export" - Certificate Chain and Key Bundle
"openssl pkcs12 -export" - 3-Level Certificate Chain and Key Bundle
"openssl pkcs12 -export" - Limitations and Errors
"keytool -genkeypair" - Certificate and Key Bundle
"keytool -importcert" - Certificate-Only Bundle
"keytool -storetype pkcs12" - Limitations and Errors
ASN.1 Data Structure of PKCS13 File
Takeaways:
- A PKCS12 bundle file can store multiple cryptography objects,
including private/public keys and certificates.
- "openssl pkcs12 -export" command can be used
to build a PKCS12 file with a given key pair and a given matching certificate.
- "openssl pkcs12 -export" command can be used
to build a PKCS12 file with a given key pair, matching certificate,
and any additional certificates.
- "openssl pkcs12" command can be used
to convert a PKCS12 bundle into a PEM bundle.
- "keytool -genkeypair" command can be used
to build a PKCS12 file with an internally generated key pair and
and a self-signed certificate.
- "keytool -importcert" command can be used
to store any certificates into a PKCS12 bundle.
- Commonly used file extensions for PKCS12 bundles are
*.p12, *.pfx, and *.jks.
Table of Contents
About This Book
Introduction of PKI (Public Key Infrastructure)
Introduction of PKI Certificate
PKI Certificate File Formats
OpenSSL - Cryptography Toolkit
"openssl ca" - CA (Certificate Authority) Tool
Java "keytool" Commands and KeyStore Files
PKI Certificate Store
►PKCS12 Certificate Bundle File
PKCS7 Certificate Chain File
PKI Certificate Related Terminology
References
Full Version in PDF/EPUB