PEM


Create a PKCS#12 file that contains both the certificate and the private key

In today’s world, security is a significant concern for everyone. Securing sensitive information such as passwords, certificates, and private keys is important. OpenSSL is a widely used tool for encrypting, decrypting, and managing digital certificates and keys. In this blog, we will explain the following command:

openssl pkcs12 -export -out certificate.p12 -in certificate.pem -inkey key.pem -passin pass:bytefreaks -passout pass:bytefreaks;

This command creates a PKCS#12 file containing the certificate and the private key. PKCS#12 (Public-Key Cryptography Standards #12) is a file format that stores cryptographic objects such as private keys, certificates, and intermediate certificates.

Let’s break down this command and explain what each option does:

openssl pkcs12

This is the OpenSSL command for PKCS#12.

-export

This option tells OpenSSL to export the certificate and private key.

-out certificate.p12

This option specifies the output file name and format. In this case, the output file will be named certificate.p12.

-in certificate.pem

This option specifies the input file name and format. In this case, the input file is the certificate file named certificate.pem.

-inkey key.pem

This option specifies the private key file name and format. In this case, the private key file is named key.pem.

-passin pass:bytefreaks

This option specifies the password to decrypt the private key. In this case, the password is “bytefreaks”.

-passout pass:bytefreaks

This option specifies the password to encrypt the PKCS#12 file. In this case, the password is “bytefreaks”

;

This symbol indicates the end of the command.

When you run this command, OpenSSL will prompt you to enter the password for the private key. Once you enter the correct password, OpenSSL will create a PKCS#12 file named certificate.p12 that contains both the certificate and the private key encrypted with the password “bytefreaks”.

In conclusion, the openssl pkcs12 -export -out certificate.p12 -in certificate.pem -inkey key.pem -passin pass:bytefreaks -passout pass:bytefreaks; command is used to create a PKCS#12 file that contains both the certificate and the private key. This file is encrypted with the password “bytefreaks” to ensure security.


How to retrieve the SSL cert expiration date from a PEM encoded certificate?

We use the following command to get the ending date of PEM encoded certificates that are generated using certbot and Let's Encrypt:

openssl x509 -enddate -noout -in fullchain.pem;

To get a list of all certificates and their expiration dates, we issue the following find command that executes the above snippet on each result while printing the name of the file first.

find ~/certificates/ -name "fullchain.pem" -print -exec openssl x509 -enddate -noout -in '{}' \;

In this example, the certificates are in our home folder under the name ‘certificates’. The results will look like the following sample:

/home/tux/certificates/example.com/fullchain.pem
notAfter=Aug 22 10:12:55 2021 GMT
/home/tux/certificates/site2.example.com/fullchain.pem
notAfter=Nov 22 03:22:44 2021 GMT