Ssl p12store
ssl_create_p12¶
Create a PKCS#12 keystore from a private key and one or more PEM certificate files. Certificate files are joined in the order given (same behaviour as ssl_cert_join). Non-interactive; password supplied via -p. Alias defaults to the CN of the first (leaf) certificate.
Example¶
ssl_create_p12 -k server.key -p changeit -o keystore.p12 cert.pem intermediate.pem
ssl_create_p12 -k server.key -p changeit -o keystore.p12 -a myapp cert.pem chain.pemOptions¶
- -k
string Private key file (required)
- -p
string Export password (required)
- -o
string Output .p12 file path (required)
- -a
string Alias/friendly name for the key entry (default: CN of first cert)
Arguments¶
- ... (string): One or more PEM certificate files in chain order
Exit codes¶
- 0: Success
- 1: Missing arguments, invalid input files, or openssl failure
ssl_create_p12_truststore¶
Create a PKCS#12 trust bundle from one or more PEM certificate files. Contains only trusted certificates — no private key. Atomic write via temp file.
Example¶
ssl_create_p12_truststore truststore.p12 changeit ca1.pem ca2.pemArguments¶
- $1 (string): Output .p12 file path (required)
- $2 (string): Export password (required)
- ... (string): One or more PEM certificate files
Exit codes¶
- 0: Success
- 1: Missing arguments, invalid cert, or openssl failure
Output on stdout¶
- Count of certificates imported
ssl_split_p12¶
Split a PKCS#12 file into individual PEM certificate files. Extracts all certificates (leaf and CA chain), writing one file per cert named by the certificate's CN. Falls back to a numbered prefix if CN is absent. Output directory is created if it does not exist.
Example¶
ssl_split_p12 bundle.p12 changeit /tmp/certsArguments¶
- $1 (string): Path to the .p12 file (required)
- $2 (string): Password (required; use '' for no password)
- $3 (string): Output directory (default: current directory)
Exit codes¶
- 0: Success
- 1: File not found, no certs found, or extraction failure
Output on stdout¶
- Count of certificates extracted