`certtool --to-p12` only accepts `--load-privkey` and `--load-certificate` once
PKCS12 objects can contain more than one secret key and more than one certificate that might correspond to those secret keys. (for example, a pair of X.509 certificates for S/MIME, one of which is for encryption, and one of which is for signatures)
However, certtool --p12
limits the user to a single --load-privkey
argument and a single --load-certificate
argument.
The files indicated by those arguments can include multiple objects -- two keys inside a single --load-privkey two-keys.pem
file, for example, so there is a way to achieve the desired outcome. But it seems like it would also be useful to be able to supply the arguments multiple times to inject more keys (or more certificates) into the PKCS 12 object.