使用openssl 转换pkcs12证书为pem格式
pkcs证书一般是.p12或.pfx格式,一般会有证书密码。
使用3步将证书导出:
第一步先导出为key文件
举例输出key文件为priv.p12.3.key
-password 参数格式pass:你的证书密码
显式使用该参数适合在脚本中非交互操作,不用弹出输入密码。
# 其中priv.p12是证书文件,证书密码是mypass1
$ openssl pkcs12 -in priv.p12 -nocerts -nodes -out priv.p12.3.key -password pass:mypass1
查看文件内容
$ cat priv.p12.3.key
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: ConName
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Key Attributes
X509v3 Key Usage: 10
-----BEGIN PRIVATE KEY-----
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBANplyG7YLf8O1hMl
VKCu545kgA4lfKA8Akj5Pgw9ezEf3VgH2gqPW+ByUFZ4rV62Cv/nLJmMNdaCztrW
Xh6/OOk1N6/Nk7zyPlsfVZsIOezQO/EcmyDQ6Li/TTmFAPEa8lR/Z+F9+DtNkuoe
Hrdy0DyaXk5vhm+48ANTMSkYLJHzAgMBAAECgYEAxY9VJJAB67vsAx291Czj4ncf
L6zRc9FU79YnPsNO8T016TARGYRdREekTNSVYBulD6B7Q9sFyKpDnMpWEdJBE2i1
6x1i0Psy2jwb0Q6eGSpSIPKg/aixxrm4M/XLcAFKwBIoGpClFNb7XltQ21YNReQs
4BfLR+n51hBVqsA9IWECQQD08rgVy4Su7VIvj4OsK8j/RNqy4ehgyvMnuVO7Aege
2hha57YM88fORzb/vp2Q/QxZMTHjISdUkCl1FulmyTmnAkEA5EBkH/sCQm+0h2uG
ZVWZLtz0/KMySBSV0Vex11VbUiub7v0inKH4+yhwrQjliHPyU0z6iRCPnqDDE03L
dMLW1QJBAIg807xzlNnCb5q6ZM8HD2VDg6xIz/m+B54JixORTOyT+0XcaLotgO0v
WNzHxVWWGR8mqIuergRvpk9Urf6YXzMCQQCU05d1cslqYEOp+OZMtJ+I+vGSuSZT
8XguY6vF6BX/YgfusIcc8k/SE/BEIwTnEBL1VcAWFwJOQCxyLct3eoNxAkEAzm2H
xxxxxxxxgvbKbGBj3ouTRNC2Ht8EQ2xqTJTUg/6WuLEnD+jSYcABqXX/Dk0L0sw
xxxxxxxxKuq4LhTg==
-----END PRIVATE KEY-----
第二步基于key文件导出私钥
$ openssl rsa -in priv.p12.3.key -out priv.p12.3.key.rsa.priv.pem # 导出私钥
查看文件内容
$ cat priv.p12.3.key.rsa.priv.pem
-----BEGIN RSA PRIVATE KEY-----
MIICXwIBAAKBgQDaZchu2C3/DtYTJVSgrueOZIAOJXygPAJI+T4MPXsxH91YB9oK
j1vgclBWeK1etgr/5yyZjDXWgs7a1l4evzjpNTevzZO88j5bH1WbCDns0DvxHJsg
0Oi4v005hQDxGvJUf2fhffg7TZLqHh63ctA8ml5Ob4ZvuPADUzEpGCyR8wIDAQAB
AoGBAMWPVSSQAeu77AMdvdQs4+J3Hy+s0XPRVO/WJz7DTvE9NekwERmEXURHpEzU
lWAbpQ+ge0PbBciqQ5zKVhHSQRNotesdYtD7Mto8G9EOnhkqUiDyoP2osca5uDP1
y3ABSsASKBqQpRTW+15bUNtWDUXkLOAXy0fp+dYQVarAPSFhAkEA9PK4FcuEru1S
L4+DrCvI/0TasuHoYMrzJ7lTuwHoHtoYWue2DPPHzkc2/76dkP0MWTEx4yEnVJAp
xxxxxxxxAORAZB/7AkJvtIdrhmVVmS7c9PyjMkgUldFXsddVW1Irm+79Ipyh
+PsocK0I5Yhz8lNM+okQj56gwxNNy3TC1tUCQQCIPNO8c5TZwm+aumTPBw9lQ4Os
SM/5vgeeCYsTkUzsk/tF3Gi6LYDtL1jcx8VVlhkfJqiLnq4Eb6ZPVK3+mF8zAkEA
lNOXdXLJamBDqfjmTLSfiPrxkrkmU/F4LmOrxegV/2IH7rCHHPJP0hPwRCME5xAS
9VXAFhcCTkAsci3Ld3qDcQJBAM5th4awPeZxUDYL2ymxgY96Lk0TQth7fBENsaky
xxxxxxxxJw/o0mHAAal1/w5NC9LMG/5UnoKucGSrquC4U4=
-----END RSA PRIVATE KEY-----
第三步基于key文件导出公钥
$ openssl rsa -in priv.p12.3.key -pubout -out priv.p12.3.key.rsa.pub.pem # 导出公钥
查看文件内容
$ cat priv.p12.3.key.rsa.pub.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaZchu2C3/DtYTJVSgrueOZIAO
JXygPAJI+T4MPXsxH91YB9oKj1vgclBWeK1etgr/5yyZjDXWgs7a1l4evzjpNTev
xxxxxxxxWbCDns0DvxHJsg0Oi4v005hQDxGvJUf2fhffg7TZLqHh63ctA8ml5O
xxxxxxxxDUzEpGCyR8wIDAQAB
-----END PUBLIC KEY-----
一般行业对接使用的签名证书,java直接用p12证书,其他语音大部分使用转换后的pem证书。
pem证书是指以-----BEGIN RSA PRIVATE KEY-----开头,内容为base64编码的证书。
![linux-svn卸载与安装[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)