Creation of a PKCS12 file from a certificate with or without a key

Create PKCS12 file from private key and new certificate

If you want to assemble a new PKCS12 file (extension .p12 or .pfx) from an existing key and a new certificate, you can use the open source tool XCA. The following GLOBALTRUST product types are delivered as PKCS12 files by default and are therefore suitable for this guide:

✓ SIGNATURE
✓ COMPANY

✓ You can find an overview of all products here

Process:

1. Download XCA
2. Run the setup and install the tool.
3. From the File menu, choose New Database and enter any filename.
4. Select the “Private Keys” tab and click on “Import”. Specify the private key file.
5. Select the “Certificates” tab and click on “Import”. Specify file with the new certificate.
6. Select the imported certificate and click “Export”.
7. Select “PKCS#12 with certificate chain” as the export format and specify a target path.
8. Enter an export password
9. The database file created in point 3 is deleted again.

Create certificate without private key in PKCS12 format

Generation using openssl:

(The prompted password must remain blank, as the private key is not used)

openssl pkcs12 -nokeys -in [certificate-file-old].pem -export -out [certificate-file-new].p12

Content control:

openssl pkcs12 -info -in [certificate-file-new].p12

You might be interested in that