How do I export my pem file to pfx with a password on the command line

bash openssl password convert

13,007

You need to use the -passin in your command, due to the key you've used in the -inkey needs a password. Also, the exported pkcs12 file will need a password, so you need to use -passout as well. So, assuming you'll use the same password for the imported an exported keys, you should use this command.

openssl pkcs12 \
  -export \
  -in "$pem" -inkey "$key" -passin pass:"$pfxpass" \
  -passout pass:"$pfxpass" -out "$pfx"

Hope it helps!

13,007

Author by

Curious Sam

I'm a simple man with a dream. I Love jogging and scripting. Automation is key!

Updated on September 18, 2022

Comments

Curious Sam over 1 year
I need to pass the password via the command line during the exporting in a bash script.

IBM has this on their website
```
openssl pkcs12 -export -in "$pem" -inkey "$key" -out "$pfx" -passout pass:pkcs12 "$pfxpass";
```
The above does not work for me.

The command below works but then you are prompted to enter and reenter a password.
```
openssl pkcs12 -export -in "$pem" -inkey "$key" -out "$pfx";
```
How can this be scripted?
- Michael Hampton about 6 years
  
  Why doesn't it work?
- Andrew about 6 years
  
  Do you get an error message? What OS and OpenSSL version is this?
- Ondřej Xicht Světlík about 6 years
  
  I don't understand this part: -passout pass:pkcs12 "$pfxpass". -passout pass:pkcs12 will use pkcs12 as the password, the rest will be treated as another parameter and probably cause the command to fail. I personally recommend not using pass:... and set the password into an environment variable and then -passout env:varname.