certtool --to-p12 seems to always require a password

It would be nice to permit certtool --to-p12 to generate password-less PKCS#12 objects.

certtool --no-text --key-type rsa --hash SHA512 --bits 2048 --to-p12 --p12-name bob --password '' --load-privkey bob.key --load-ca-certificate ca.crt --load-certificate bob.crt --outfile bob.p12 < /dev/null
Generating a PKCS #12 structure...
Loading private key list...
Loaded 1 private keys.
bag_encrypt: The request is invalid.

Using --null-password or --empty-password is of course not the same thing as having no password set.

(fwiw, --password '' is a weird way to state "no password" -- it might be nicer to explicitly add --no-password. Also, it looks like --ask-pass is irrelevant for --to-p12, since it always requires a password)
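
The distinction drawn in the report, as an added example (not part of the original issue and not GnuTLS code): under RFC 7292 Appendix B a NULL password and an empty password are encoded differently, and both still go through key derivation, so neither is the same as an unprotected PKCS#12 object. The function names, salt and iteration count are constructed for illustration.

```python
import hashlib
from typing import Optional

U, V = 20, 64  # SHA-1 digest size and block size, in bytes

def encode_password(password: Optional[str]) -> bytes:
    """RFC 7292 B.1: BMPString (UTF-16BE) plus a two-byte NULL terminator.
    None models the NULL password, which is a zero-length byte string."""
    if password is None:
        return b""
    return password.encode("utf-16-be") + b"\x00\x00"

def _fill(data: bytes) -> bytes:
    """Repeat data up to the next multiple of V bytes; empty stays empty."""
    if not data:
        return b""
    size = V * ((len(data) + V - 1) // V)
    return (data * (size // len(data) + 1))[:size]

def pkcs12_kdf(password: Optional[str], salt: bytes, iterations: int,
               purpose_id: int, n: int) -> bytes:
    """RFC 7292 B.2 key derivation with SHA-1 (purpose_id 1 = key material)."""
    d = bytes([purpose_id]) * V
    i_buf = bytearray(_fill(salt) + _fill(encode_password(password)))
    out = b""
    while len(out) < n:
        a = d + bytes(i_buf)
        for _ in range(iterations):
            a = hashlib.sha1(a).digest()
        out += a
        # I_j = (I_j + B + 1) mod 2^(8V), with B = A repeated to V bytes
        b1 = int.from_bytes((a * (V // U + 1))[:V], "big") + 1
        for j in range(0, len(i_buf), V):
            blk = (int.from_bytes(i_buf[j:j + V], "big") + b1) % (1 << (8 * V))
            i_buf[j:j + V] = blk.to_bytes(V, "big")
    return out[:n]

def compare_null_and_empty() -> dict:
    salt = bytes.fromhex("0102030405060708")  # constructed sample salt
    return {name: pkcs12_kdf(pw, salt, 2048, 1, 24)  # 24 bytes = 3DES key
            for name, pw in (("null", None), ("empty", ""))}

if __name__ == "__main__":
    for name, key in compare_null_and_empty().items():
        print(f"{name:5s} password -> key {key.hex()}")
```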