Windows在安装由openssl生成的p12密钥时要求输入p12密码 [英] Windows asks for p12 password when installing p12 key generated by openssl

问题描述

如果我使用openssl生成p12证书，则为:

If I generate a p12 certificate with openssl as:

openssl pkcs12 -export -in myprivatecert.pem -nokeys -out mycert.p12

即使我要求openssl不导出私钥，但为什么Windows在安装证书时仍需要私钥密码.

Even though I ask openssl to not export the private key, why does windows still require the private key password when installing the certificate.

我认为我缺少一些东西.

I figure I am missing something.

推荐答案

密码是PKCS12文件本身的密码，而不是私钥的密码.您可以通过添加"-password pass:"来指定空白密码:

The password is for the PKCS12 file itself, not for the private key. You can specify a blank password by adding "-password pass:" like this:

$ openssl pkcs12 -password pass: -export -in myprivatecert.pem -nokeys -out mycert.p12

Windows仍然会提示您输入密码，但您可以将其保留为空，导入将正常进行.

You will still be prompted by Windows for the password, but you can leave it empty, and the import will work fine.

如果您要在Windows上导入的只是证书(没有密钥)，则还可以使用DER格式，如下所示:

If all you are importing on Windows is the certificate, without the key, they you can also use the DER format like this:

$ openssl x509 -in myprivatecert.pem -outform DER -out mycert.der

这样做的一个好处是，当您在Windows上双击该文件时，它可以识别der扩展名，并且可以在导入之前查看证书的详细信息.另外，也不会出现密码提示.

One benefit of this is that when you double-click this file on Windows, it recognizes the der extension, and you can view the certificate details just before importing. Also, there will be no password prompt.

这篇关于Windows在安装由openssl生成的p12密钥时要求输入p12密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！