RSA Private Key given PKCS12 File Extension

[doapp-nick]

I spent a few hours debugging an issue related to the generation of new signing identities using cert. Specifically, after a successful creation 3 new files are generated.

• CertCertificateSigningRequest.certSigningRequest
• XXXXXXXXX.cer
• private_key.p12

The private_key.p12 does not appear to be a p12 (PKCS12) but a RSA Private Key. PKCS12, as a packaging format, when exported from Keychain Access tends to be a combination of the private key and the certificate generated by the CSR in PEM format.

The easiest fix here is probably to change the file extension to something more consistent with what is contained, say '.rsa'. A more complete fix might be to generate a p12 from the cert and the rsa private key in the same fashion that Keychain Access does.

[cwhenderson20]

👍 for this. Generating a valid .p12 would be helpful as it keeps the certificate and private key bundled. By convention, though, .p12 files require a non-blank passphrase, which might be an issue for those who don't want to specify it on import/export.

[RocketPop]

I think this is how you can whip up a p12 from a pem
openssl pkcs12 -export -in certfilename.pem -out certfilename.p12 -passout pass:xxxxxxx

Where you need to provide a passphrase instead of "xxxx..." Also - please double check this snippet before actually using it :)

[marcomorain]

👍