Difference between revisions of "Openssl extract"
Jump to navigation
Jump to search
(Created page with "# 1 Download pkcs12 for host.example.com.pfx from PKI extract certs for pkcs12 ``` openssl pkcs12 -in host.example.com.pfx -nocerts -nodes > entity.key openssl pkcs12 -in h...") |
(No difference)
|
Latest revision as of 23:56, 11 April 2023
1
Download pkcs12 for host.example.com.pfx from PKI
extract certs for pkcs12
openssl pkcs12 -in host.example.com.pfx -nocerts -nodes > entity.key openssl pkcs12 -in host.example.com.pfx -clcerts -nokeys > entity.crt openssl pkcs12 -in host.example.com.pfx -cacerts -nokeys -chain > ca.crt
append as many ca.crt files as you want for multiple root ca.
verify
openssl verify -verbose -CAfile ca.cert entity.crt curl --cacert ca.crt "https://host.example.com"