Fuse ESB - Web Services Security Guide

PKCS#12 Files

Overview

PKCS#12 is an industry-standard format for deploying certificates and private keys as a file.

Figure 2.3 shows the typical elements in a PKCS#12 file.

Figure 2.3. Elements in a PKCS#12 File

a PKCS#12 file contains a peer certificate, all the CA certificates in the chain, and the private key

Contents of a PKCS#12 file

A PKCS#12 file contains the following:

An X.509 peer certificate (first in a chain).
All the CA certificates in the certificate chain.
A private key.

The file is encrypted with a pass phrase.

	Note
	The same pass phrase is used both for the encryption of the private key within the PKCS#12 file, and for the encryption of the PKCS#12 file overall. This condition (same pass phrase) is not officially part of the PKCS#12 standard, but it is enforced by most Web browsers and by Fuse Services Framework.

Creating a PKCS#12 file

To create a PKCS#12 file, see Use the CA to Create Signed Certificates in a Java Keystore .

Viewing a PKCS#12 file

To view a PKCS#12 file, CertName.p12, enter the following command:

openssl pkcs12 -in CertName.p12

Importing and exporting PKCS#12 files

The generated PKCS#12 files generated by OpenSSL can be imported into browsers such as Internet Explorer or Firefox. Exported PKCS#12 files from these browsers can be used in Fuse Services Framework.

	Note
	Use OpenSSL v0.9.2 or later.

Comments powered by Disqus

Contents
Search