Do you know this problem? You got a brand new personal certificate via a authorized issuer and all you got is a single file which has a ending of .p12. You want to use this certificate in various software solutions, but these solutions want single files for the user certificate and the private key? Then you have to split your .p12 file.
What is a .p12 file?
A .p12 file is a bundle which contains your private key as well as your private certificate. For a lot of certificate issuers, distributing these two things in a bundle is obviously easier.
Even if there is a lot of software which supports working with those bundles, there are others which don’t. The most prominent example I know is NetworkManager under Linux. If you want to use a .p12 file with the NetworkManger OpenVPN extension, you have to split up the .p12 file.
How to split a .p12 file?
This is rather easy. We can extract the user key with the following command:
user@system:~$ openssl pkcs12 -nocerts -in your_file.p12 -out user_key.pem
The user certificate can be exported like this:
user@system:~$ openssl pkcs12 -nokeys -clcerts -in your_file.p12 -out user_cert.pem
During these two steps you might get asked for a password of the actual .p12 file and for a password for the new exported files. It’s up to you if you want to protect the new exported single files with a password. However, it is recommended of course. You can also do the two commands above within one statement like this (if you want):
user@system:~$ openssl pkcs12 -nocerts -in your_file.p12 -out user_key.pem && openssl pkcs12 -nokeys -clcerts -in your_file.p12 -out user_cert.pem