Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.


Home > Success Center > Web Help Desk (WHD) > Web Help Desk 12.5 Administrator Guide > Configure and manage authentication > Create a PKCS#12 Keystore from a Private Key and a Certificate

Create a PKCS#12 Keystore from a Private Key and a Certificate

Table of contents
No headers
Created by Steve.Hawkins, last modified by Anthony.Rinaldi on Jul 19, 2016

Views: 10 Votes: 0 Revisions: 4

OpenSSL provides the pkcs12 command for generating PKCS#12 files from a private key and a certificate. OpenSSL is open source and can be downloaded from the OpenSSL site at The private key and certificate must be in Privacy Enhanced Mail (PEM) format (for example, base64-encoded with ----BEGIN CERTIFICATE---- and ----END CERTIFICATE---- headers and footers).

Use this OpenSSL command to create a PKCS#12 file from your private key and certificate:

openssl pkcs12 -export \
-in <signed_cert_filename> \
-inkey <private_key_filename> \
-name 'tomcat' \
-out keystore.p12

If you have a chain of certificates, combine the certificates into a single file and use it for the input file, as shown below. The order of certificates must be from server certificate to the CA root certificate. See RFC 2246 section 7.4.2 for details on this order.

cat <signed_cert_filename> \
<intermediate.cert> [<intermediate2.cert>] 
... \
> cert-chain.txt

openssl pkcs12 -export \
-in cert-chain.txt \
-inkey <private_key_filename> \
-name 'tomcat' \
-out keystore.p12

You are prompted to provide a password for the new keystore, which you will need to provide when importing the keystore into the Web Help Desk Java keystore.

Last modified
07:54, 19 Jul 2016