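Converting a PKCS#12 certificate to PEM format with openssl
PKCS#12 certificates usually come as .p12 or .pfx files and are usually protected by a certificate password.
The certificate is exported in three steps:
Step 1: export the key file
In this example the key file is written to priv.p12.3.key.
The -password parameter takes the form pass:your-certificate-password.
Passing this parameter explicitly suits non-interactive use in scripts, since no password prompt appears.
# priv.p12 is the certificate file and the certificate password is mypass1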
$ openssl pkcs12 -in priv.p12 -nocerts -nodes -out priv.p12.3.key -password pass:mypass1
View the file contents
$ cat priv.p12.3.key
Bag Attributes
localKeyID: 01 00 00 00
friendlyName: ConName
Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
Key Attributes
X509v3 Key Usage: 10
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
Step 2: export the private key from the key file
$ openssl rsa -in priv.p12.3.key -out priv.p12.3.key.rsa.priv.pem # export the private key
View the file contents
$ cat priv.p12.3.key.rsa.priv.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
Step 3: export the public key from the key file
$ openssl rsa -in priv.p12.3.key -pubout -out priv.p12.3.key.rsa.pub.pem # export the public key
View the file contents
$ cat priv.p12.3.key.rsa.pub.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaZchu2C3/DtYTJVSgrueOZIAO
JXygPAJI+T4MPXsxH91YB9oKj1vgclBWeK1etgr/5yyZjDXWgs7a1l4evzjpNTev
xxxxxxxxWbCDns0DvxHJsg0Oi4v005hQDxGvJUf2fhffg7TZLqHh63ctA8ml5O
xxxxxxxxDUzEpGCyR8wIDAQAB
-----END PUBLIC KEY-----
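The three steps above combined into one non-interactive function, with a check that the exported public key really belongs to the exported private key. This is an added example, not part of the original page; it assumes the certificate password is held in the exported environment variable P12_PASS, and the function names p12_to_pem, pem_keys_match and pem_type are hypothetical.

```shell
#!/bin/sh
# Added example: the three export steps as one non-interactive function.
# Assumption: the certificate password is in the exported variable P12_PASS.
# -password env:P12_PASS keeps the password out of the process list,
# unlike pass:... on the command line.

# p12_to_pem <p12 file> <output prefix>
# The body runs in a subshell so umask and variables do not leak to the caller.
p12_to_pem() (
    p12=$1
    prefix=$2
    # -nodes writes the key unencrypted, so create the files owner-only.
    umask 077
    # Step 1: key file
    openssl pkcs12 -in "$p12" -nocerts -nodes -out "$prefix.key" \
        -password env:P12_PASS || exit 1
    # Step 2: private key
    openssl rsa -in "$prefix.key" -out "$prefix.rsa.priv.pem" 2>/dev/null || exit 1
    # Step 3: public key
    openssl rsa -in "$prefix.key" -pubout -out "$prefix.rsa.pub.pem" 2>/dev/null || exit 1
)

# pem_keys_match <private key pem> <public key pem>
# Succeeds only if the public key derived from the private key is identical
# to the public key file, i.e. the two files belong to the same key pair.
pem_keys_match() {
    derived=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
    [ "$derived" = "$(cat "$2")" ]
}

# pem_type <pem file>
# Prints the label of the first PEM header, e.g. "RSA PRIVATE KEY".
pem_type() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}
```

On OpenSSL 3.x, openssl rsa writes the private key as PKCS#8 (BEGIN PRIVATE KEY) unless -traditional is given, so run pem_type on the step 2 file when the consumer expects BEGIN RSA PRIVATE KEY.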
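For the signing certificates typically used in industry integrations, Java uses the p12 certificate directly, while most other languages use the converted PEM certificate.
A PEM certificate here means one that begins with -----BEGIN RSA PRIVATE KEY----- and whose content is base64-encoded.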