certificatefirefoxgoogle-chrome
I have imported a certificate into firefox, and I want to export it into PKCS12 format. The only options that I find are PKCS7 , PEM and DIR. and not PKCS12. I doubt that the certificate has no private key, so is there a way to check that?
EDIT
My problem was in the Chrome browser, which I used when I requested the certificate. It seems that it has a problem with storing the private key. I repeated the request with Firefox and things went fine.
Make sure you have the associated private key.
Double-click on the certificate entry, make sure it shows "You have a private key that corresponds to this certificate" at the bottom.
There's nothing wrong. That's how PKCS12 works. PKCS12 is format for securely transporting certificate chains and private keys between tokens. Protection/encryption of private key is done by passphrase you entered when asked for 'Enter Export Password'. Nothing like twice encrypted keys.
EDIT: Omit -nodes option. That turns off encryption of private key.
Best Answer
You can view Certificate contents in Firefox
(
Tools -> Options -> Advanced -> Encryption -> View Certs -> Yours/Authority/etc -> <cert> -> View -> Details -> Certificate Fields -> Public Key)If you can export to PEM, you can convert that to PKCS12
Update: Examples of using OpenSSL
Generate a self-signed certificate
View it's contents
View the PEM file
Note that whilst a PEM file can contain both private key and a certificate, the private key isn't part of the X.509 certificate.
If the PEM exported by FF lacks the BEGIN and END markers around the Base64 encoded data, OpenSSL can't read the PEM file.
Here's CA certificate I exported from Firefox (*viewed in e.g. notepad)
(ellipsis … where data omitted for brevity)
I can view that OK using
openssl x509 -in ff.crt -noout -text(I cut & pasted from Windows to Linux but you can install openssl on Windows too)