Openssl extract

From UVOO Tech Wiki
Revision as of 23:56, 11 April 2023 by Busk (talk | contribs) (Created page with "# 1 Download pkcs12 for host.example.com.pfx from PKI extract certs for pkcs12 ``` openssl pkcs12 -in host.example.com.pfx -nocerts -nodes > entity.key openssl pkcs12 -in  h...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

1

Download pkcs12 for host.example.com.pfx from PKI

extract certs for pkcs12 

openssl pkcs12 -in host.example.com.pfx -nocerts -nodes > entity.key
openssl pkcs12 -in  host.example.com.pfx -clcerts -nokeys > entity.crt
openssl pkcs12 -in host.example.com.pfx -cacerts -nokeys -chain > ca.crt

append as many ca.crt files as you want for multiple root ca.

verify 

openssl verify -verbose -CAfile ca.cert entity.crt
curl --cacert ca.crt "https://host.example.com"
Retrieved from "https://tech.uvoo.io/index.php?title=Openssl_extract&oldid=4004"