LibraryLink ToToggle FramesPrintFeedback

PKCS#12 Files

PKCS#12 is an industry-standard format for deploying certificates and private keys as a file.

Figure 2.3 shows the typical elements in a PKCS#12 file.

A PKCS#12 file contains the following:

  • An X.509 peer certificate (first in a chain).

  • All the CA certificates in the certificate chain.

  • A private key.

The file is encrypted with a pass phrase.


The same pass phrase is used both for the encryption of the private key within the PKCS#12 file, and for the encryption of the PKCS#12 file overall. This condition (same pass phrase) is not officially part of the PKCS#12 standard, but it is enforced by most Web browsers and by Fuse Services Framework.

To create a PKCS#12 file, see Use the CA to Create Signed Certificates in a Java Keystore .

To view a PKCS#12 file, CertName.p12, enter the following command:

openssl pkcs12 -in CertName.p12

The generated PKCS#12 files generated by OpenSSL can be imported into browsers such as Internet Explorer or Firefox. Exported PKCS#12 files from these browsers can be used in Fuse Services Framework.


Use OpenSSL v0.9.2 or later.