Enter export password to generate a P12 certificate
Command LinePasswordsOpensslCommand Line Problem Overview
I would like to generate a P12 certificate from a .key and .pem. I'm running this command and get prompted to enter a export password:
pkcs12 -export -inkey private-key.key -in developer_identity.pem -out iphone_dev.p12
I can't enter a password at this point, it seems that the keyboard input is not recognized.
What do I miss? (I'm new to the Command Line tool and openSSL)
Command Line Solutions
Solution 1 - Command Line
OpenSSL command line app does not display any characters when you are entering your password. Just type it then press enter and you will see that it is working.
You can also use openssl pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12 -password pass:YourPassword
to pass the password YourPassword
from command line. Please take a look at section Pass Phrase Options in OpenSSL manual for more information.
Solution 2 - Command Line
I know this thread has been idle for a while, but I just wanted to add my two cents to supplement jariq's comment...
Per manual, you don't necessary want to use -password
option.
Let's say mykey.key
has a password and your want to protect iphone-dev.p12
with another password, this is what you'd use:
pkcs12 -export -inkey mykey.key -in developer_identity.pem -out iphone_dev.p12 -passin pass:password_for_mykey -passout pass:password_for_iphone_dev
Have fun scripting!!
Solution 3 - Command Line
The selected answer apparently does not work anymore in 2019 (at least for me).
I was trying to export a certificate using openssl (version 1.1.0) and the parameter -password
doesn't work.
According to that link in the original answer (the same info is in man openssl
), openssl has two parameter for passwords and they are -passin
for the input parts and -passout
for output files.
For the -export
command, I used -passin
for the password of my key file and -passout
to create a new password for my P12 file.
So the complete command without any prompt was like below:
openssl pkcs12 -export -in /tmp/MyCert.crt -inkey /tmp/MyKey.key -out /tmp/MyP12.p12 -name alias -passin pass:keypassphrase -passout pass:certificatepassword
If you does not want a password, you can use pass:
like below:
openssl pkcs12 -export -in /tmp/MyCert.crt -inkey /tmp/MyKey.key -out /tmp/MyP12.p12 -name alias -passin pass: -passout pass:
It will works fine with a key without password and the output certificate will be created without password too.
Solution 4 - Command Line
MacOS High Sierra is very crazy to update openssl command suddenly.
Possible in last month:
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts
MAC verified OK
But now:
$ openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts -password pass:
MAC verified OK