Openssl convert .PEM containing only RSA Private Key to .PKCS12

23
votes

Currently I have a .PEM file containing only a private key. I need to convert this file into a .PKCS12 file. Currently I'm trying to use openssl to achieve this and I'm running into some problems.

The .PEM file I'm using is of the form:

-----BEGIN RSA PRIVATE KEY-----

Some key

-----END RSA PRIVATE KEY-----

I use the following Openssl command to attempt to convert this .PEM file into a .PKCS12:

openssl pkcs12 -export -inkey file.pem -out file.p12

The console then hangs with the message:

Loading 'screen' into random state -done

What am Im doing wrong?

Any help would be appriciated.

2
opensslrsapempkcs#12
So far you've only accepted one answer to any of your questions, and that was your own answer!President James K. Polk
The pkcs12 file typically contains a certificate chain plus the private key for the leaf certificate of the chain. In its simplest form it contains one self-signed certificate plus the associated private key. You need to create a certificate with your public key, and that certificate must contain the fields that your consuming application is expecting.President James K. Polk

2 Answers

40
votes

I ran into this problem and resolved it by adding the -nocerts option after export. My guess regarding the cause of the "freeze up" is that openssl is probably trying to read additional input from the console.

openssl pkcs12 -export -nocerts -inkey your.private.key.pem -out your.private.key.p12
5
votes

I think you have to provide the certificate as well, not only the private key:

openssl pkcs12 -export -inkey privatekey.pem -in certificate.cer -out bothAsPKCS12.p12