12 Dec 2013

Create PKCS12 client certificate via OpenSSL

Written by fabio

When working with SSL, you often need to configure and test strong authentication (SSL client authentication).

In all these cases, you need to provide an ad-hoc client certificate to perform a successful handshake.

OpenSSL can be used to create your PKCS12 client certificate by performing the following few steps.


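  • Create a new request (-nodes writes the private key to key.pem unencrypted, so protect that file; the validity period is set when the CA signs the request in the next step)
openssl req -new -nodes -out req.pem -keyout key.pem -config openssl.cnf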


  • Sign the request with your certification authority (CA)
openssl ca -out cert.pem -days 365 -config openssl.cnf -infiles req.pem


  • Create your p12 certificate (you will be prompted for an export password that protects the file)
openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile cacert.pem -name "Fabio Martelli" -out cert.p12


Now you can use your cert.p12 with your client application.

E.g., if your client is Firefox, you can simply import your certificate as a new "personal certificate".

IMPORTANT: the target peer (the application requiring strong authentication) has to be provisioned with the certificate of the CA which has signed your certificate.
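
An end-to-end run of the three steps above against a throwaway CA, followed by the checks worth doing before handing cert.p12 to a client. This is an added example, not part of the original post: the function name build_and_check_p12, the minimal openssl.cnf, the subjects and the passphrase demo-only are all constructed for illustration.

```shell
# Added example. Every name, subject and passphrase here is a constructed sample.
build_and_check_p12() {
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # State files "openssl ca" expects before it will sign anything.
    mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
    cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = cacert.pem
private_key = cakey.pem
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[ dn ]
CN = demo-client
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Throwaway self-signed CA standing in for your real one.
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 30 \
      -config openssl.cnf -keyout cakey.pem -out cacert.pem 2>/dev/null || exit 1
    # The three steps from the post (-batch answers the signing prompts).
    openssl req -new -nodes -out req.pem -keyout key.pem -config openssl.cnf 2>/dev/null || exit 1
    openssl ca -batch -out cert.pem -days 365 -config openssl.cnf -infiles req.pem 2>/dev/null || exit 1
    openssl pkcs12 -export -in cert.pem -inkey key.pem -certfile cacert.pem \
      -name "demo-client" -passout pass:demo-only -out cert.p12 || exit 1
    # Check 1: the certificate chains to the CA the server will be given.
    openssl verify -CAfile cacert.pem cert.pem >/dev/null || exit 1
    # Check 2: key.pem is the private key for cert.pem (public keys match).
    [ "$(openssl x509 -in cert.pem -noout -pubkey)" = "$(openssl pkey -in key.pem -pubout)" ] || exit 1
    # Check 3: the bundle opens with its passphrase and holds the client cert.
    openssl pkcs12 -in cert.p12 -passin pass:demo-only -nokeys 2>/dev/null | grep -q "demo-client"
  )
  rc=$?
  rm -rf "$d"
  return "$rc"
}
```

The function returns 0 only if all three checks pass; the same three checks can be run by hand against your real cert.pem, key.pem, cacert.pem and cert.p12.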

