PKCS#12 is a successor to Microsoft’s PFX format. It defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X509 certificate or to bundle all the members of a chain of trusted certificates, starting from the root certificate authority. The files PFX (.pfx) and PKCS#12 (.p12), including terms, are somewhat used interchangeably and refer to same standard.
PKCS#12 are normally generated using OpenSSL, which is an open-source tool. We can use the same tool to convert JKS, which is Java keystore and PKCS#12 certs to crt and key files.
We can use following command to convert an JKS file to P12:
keytool -importkeystore -srckeystore my_cert.jks -destkeystore my_cert.p12 -deststoretype PKCS12
Thereafter, we can convert it to Certificate (.crt) file using below set of commands:
# output only client certificate openssl pkcs12 -in my_cert.p12 -clcerts -nokeys -out my_cert.crt # output full chain of trusted certificates openssl pkcs12 -in my_cert.p12 -nokeys -out my_cert_full.crt
We can extract Key (.key) file using below set of commands:
# generates key file with private key encrypted openssl pkcs12 -in my_cert.p12 -nocerts -out my_cert.key # generates key file without private key encrypted openssl pkcs12 -in my_cert.p12 -nocerts -nodes -out my_cert.key