Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step certificate p12
Name
step certificate p12 -- package a certificate and keys into a .p12 file
Usage
step certificate p12 <p12-path> [<crt-path>] [<key-path>]
[--ca=<file>] [--password-file=<file>]
Description
step certificate p12 creates a .p12 (PFX / PKCS12) file containing certificates and keys. This can then be used to import into Windows / Firefox / Java applications.
Options
--ca=file
The path to the file containing a CA or intermediate certificate to
add to the .p12 file. Use the '--ca' flag multiple times to add
multiple CAs or intermediates.
--password-file=file
The path to the file containing the password to encrypt the .p12 file.
--no-password Do not ask for a password to encrypt a private key. Sensitive key material will be written to disk unencrypted. This is not recommended. Requires --insecure flag.
-f, --force Force the overwrite of files without asking.
--insecure
Exit codes
This command returns 0 on success and >0 if any error occurs.
Examples
Package a certificate and private key together:
$ step certificate p12 foo.p12 foo.crt foo.key
Package a certificate and private key together, and include an intermediate certificate:
$ step certificate p12 foo.p12 foo.crt foo.key --ca intermediate.crt
Package a CA certificate into a "trust store" for Java applications:
$ step certificate p12 trust.p12 --ca ca.crt
Package a certificate and private key with an empty password:
$ step certificate p12 --no-password --insecure foo.p12 foo.crt foo.key
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.