Creating a PKCS12 keystore file that contains only root certificate chains
About this task
openssl
commands. However, you can use a
different key management tool of your choice.Procedure
-
Open the
openssl
command line to create and initialize a new PKCS12 key store. -
Run the following command:
openssl pkcs12 -export -nokeys -in <root_signer_ca> -out <keystore_name>
where-nokeys
tells openssl not to require a private key,-in
indicates the root signer certificate to include in the generated PKCS12 file, and-out
indicates the file name for the new key store.For example:openssl pkcs12 -export -nokeys -in digicert-root-ca.crt -out myfile.p12