step certificate p12
Name
step certificate p12 -- package a certificate and keys into a .p12 file
Usage
step certificate p12 <p12-path> [<crt-path>] [<key-path>]
[--ca=<file>] [--password-file=<file>] [--legacy]
[--force] [--no-password] [--insecure]
Description
step certificate p12 creates a .p12 (PFX / PKCS12) file containing certificates and keys. This can then be used to import into Windows / Firefox / Java applications.
Options
--ca=file
The path to the file
containing a CA or intermediate certificate to
add to the .p12 file. Use the '--ca' flag multiple times to add
multiple CAs or intermediates.
--password-file=file
The path to the file
containing the password to encrypt the .p12 file.
--no-password Do not ask for a password to encrypt a private key. Sensitive key material will be written to disk unencrypted. This is not recommended. Requires --insecure flag.
--legacy Encodes PKCS#12 files using the algorithms that were traditionally used, PBE+SHA1+RC2 for certificates and PBE+SHA1+3DES for keys.
-f, --force Force the overwrite of files without asking.
--insecure
Exit codes
This command returns 0 on success and >0 if any error occurs.
Examples
Package a certificate and private key together:
$ step certificate p12 foo.p12 foo.crt foo.key
Package a certificate and private key together, and include an intermediate certificate:
$ step certificate p12 foo.p12 foo.crt foo.key --ca intermediate.crt
Package a CA certificate into a "trust store" for Java applications:
$ step certificate p12 trust.p12 --ca ca.crt
Package a certificate and private key with an empty password:
$ step certificate p12 --no-password --insecure foo.p12 foo.crt foo.key
Package a certificate and private key using a legacy encoder,
$ step certificate p12 --legacy foo.p12 foo.crt foo.key