Preface
- openssl 1.1.1g
- Keystore format: PKCS12
- Test keystore: test.pfx. It holds a single certificate set (a keystore shared by several certificate sets was not tested).
View the keystore
openssl pkcs12 -in test.pfx -nokeys -clcerts
Extract the certificate
openssl pkcs12 -in test.pfx -nokeys -clcerts -out test.crt
Illustrative contents of test.crt:
Bag Attributes
friendlyName: alias
localKeyID: 54 69 6D ... 35 32
subject=CN = xxx.com
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G1
-----BEGIN CERTIFICATE-----
MIIF...aw==
-----END CERTIFICATE-----
Extract the key
openssl pkcs12 -in test.pfx -nocerts -nodes -out test.key
Illustrative contents of test.key (written unencrypted because of -nodes):
Bag Attributes
friendlyName: alias
localKeyID: 54 69 6D ... 35 32
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvQ...n2S0c=
-----END PRIVATE KEY-----
Extract the public key
openssl rsa -in test.key -pubout -out test.rsa.pub
Illustrative contents of test.rsa.pub:
-----BEGIN PUBLIC KEY-----
MIIBIjANB...u6FJi/DsJOx
5QIDAQAB
-----END PUBLIC KEY-----
Extract the private key
openssl rsa -in test.key -out test.rsa.key
Illustrative contents of test.rsa.key:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIB...bB5ErjxswtAJgJp9ktH
-----END RSA PRIVATE KEY-----
Extract the CA certificate / certificate chain
openssl pkcs12 -in test.pfx -nokeys -cacerts -out test_chain.crt
Illustrative contents of test_chain.crt:
Bag Attributes
friendlyName: CN=Encryption Everywhere DV TLS CA - G1,OU=www.digicert.com,O=DigiCert Inc,C=US
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G1
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
MIIEqjCCA...nKuTPI0HfnVH8lg==
-----END CERTIFICATE-----
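The certificate and key extraction steps above, combined with a check that the extracted key really belongs to the extracted certificate. This is an added example, not part of the original post; the function names, the PFX_PASS variable and the throwaway self-signed keystore are assumptions made so the script runs offline.

```shell
#!/bin/sh
# Added example; function names, file names and the password are assumptions.

# Build a throwaway self-signed keystore (constructed sample input).
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" -name alias \
        -passout env:PFX_PASS -out "$1/test.pfx"
}

# Extract certificate and key from keystore $1 into directory $2.
# The password is read from the PFX_PASS environment variable, not from argv,
# so it does not show up in the process list.
extract_pfx() (
    umask 077   # -nodes writes the key unencrypted, so keep it owner-only
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS -out "$2/test.crt" &&
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:PFX_PASS -out "$2/test.key"
)

# Return 0 only if private key $1 and certificate $2 carry the same public key.
# Return 2 if either file cannot be parsed, so a parse failure never counts as a match.
key_matches_cert() {
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    # pkey works like "openssl rsa -pubout" but accepts any key type
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Demo on the constructed keystore
export PFX_PASS='constructed-sample-password'
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_sample_pfx "$work" && extract_pfx "$work/test.pfx" "$work" &&
    key_matches_cert "$work/test.key" "$work/test.crt" &&
    echo "key matches certificate"
```

Run the same check before deploying test.crt and test.key to a server: a mismatched pair is a common cause of TLS startup failures after a certificate renewal.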