Convert a p12 file to X.509 TLS/SSL certificate string

/ .p12 is an alternate extension for what is generally referred to as a "PFX file", it's the combined format that holds the private key and certificate and is the format most modern signing utilities use. If you have a .p12 file that you exported from Firefox or Safari just rename the .p12 extension to .PFX if you need to, it's the same format.

#openssl

✍️ BroJenuel

Apr. 26, 2023. 9:31 AM

To convert a p12 file to an X.509 TLS/SSL certificate string, you can use the OpenSSL command-line tool as follows:

First, ensure that OpenSSL is installed on your system. You can check this by running the command openssl version. If it is not installed, you can install it using your system's package manager.
Once you have OpenSSL installed, you can convert the p12 file to a PEM file using the following command:
```
openssl pkcs12 -in filename.p12 -out filename.pem -nodes
```
Replace filename.p12 with the name of your p12 file, and filename.pem with the name you want to give to the output PEM file.
The -nodes option is used to prevent OpenSSL from encrypting the private key.
Next, you can extract the X.509 certificate from the PEM file using the following command:
```
openssl x509 -in filename.pem -outform der | base64
```
This command extracts the X.509 certificate in binary DER format, and then encodes it in base64.
Finally, you can copy the output of the previous command and use it as the X.509 TLS/SSL certificate string.
Note that the output will include newlines, which you should remove before using the string in your application.

If you enjoy this article and would like to show your support, you can easily do so by buying me a coffee. Your contribution is greatly appreciated!