Hi,
I am working on a project where I am trying to use a PKCS12 keystore with a password for storing my web certificate and private key files for my Phoenix web server, as opposed to passing in the real file paths for the :certfile and :keyfile options in the https options of the Phoenix Endpoint config.
The reason for this is security: we don’t want to keep the real files in the open on our filesystem.
Has anyone tried this before? I haven’t been able to find much support online for doing this.
Thanks in advance for any help.
3 Likes
You can’t use PKCS12 files directly, but that doesn’t mean you have to store the private key in plaintext. You can extract the certificate and key to PEM format using OpenSSL, and set a passphrase for the key. You then pass the ‘:certfile’ and ‘:keyfile’ params, along with the ‘:password’ option.
Or do you mean an external keystore using a PKCS11 interface?
5 Likes
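The extraction described in the answer above, as an added example that is not part of the original thread. The file names, function names and the `P12_PASS`/`KEY_PASS` environment variables are assumptions, and the `.p12` bundle is a throwaway one constructed by the script itself.

```shell
#!/bin/sh
# Added example, not code from the thread. All names and passphrases are constructed.
set -eu

# Build a throwaway self-signed cert and key and bundle them into demo.p12.
make_demo_p12() {  # $1 = work dir; reads P12_PASS from the environment
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$1/tmp-key.pem" -out "$1/tmp-cert.pem" 2>/dev/null
  openssl pkcs12 -export -in "$1/tmp-cert.pem" -inkey "$1/tmp-key.pem" \
    -out "$1/demo.p12" -passout env:P12_PASS
  rm -f "$1/tmp-key.pem" "$1/tmp-cert.pem"
}

# Split a PKCS12 bundle into cert.pem and a passphrase-protected key.pem.
# Passphrases are read from env vars so they do not appear in the process list.
p12_to_pem() {  # $1 = .p12 file, $2 = output dir; reads P12_PASS and KEY_PASS
  ( umask 077   # output files readable by the owner only
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:P12_PASS \
      -out "$2/cert.pem"
    # No -nodes here: the key is re-encrypted under KEY_PASS on the way out.
    openssl pkcs12 -in "$1" -nocerts -passin env:P12_PASS \
      -passout env:KEY_PASS -out "$2/key.pem" )
}

# Succeeds only if key.pem is encrypted on disk and matches cert.pem.
check_pem_pair() {  # $1 = dir holding cert.pem and key.pem; reads KEY_PASS
  grep -q "ENCRYPTED" "$1/key.pem" || return 1
  cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$1/key.pem" -passin env:KEY_PASS -pubout \
    | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# Run all three steps on constructed input.
demo() {
  export P12_PASS='constructed-p12-pass' KEY_PASS='constructed-key-pass'
  work=$(mktemp -d)
  make_demo_p12 "$work"
  p12_to_pem "$work/demo.p12" "$work"
  check_pem_pair "$work" && echo "cert.pem and encrypted key.pem are in $work"
}
```

After sourcing the file, `demo` runs the whole flow. The resulting `cert.pem` and `key.pem` are the files to reference in `:certfile` and `:keyfile`, with the value of `KEY_PASS` supplied as `:password`.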
Thanks for your help @voltone, I think we will end up having to do just that.
We initially wanted the PKCS12 format, but as long as it is encrypted, even in PEM format, I think we will be okay.
Hello,
I am trying to build a product consuming MC certificates and keys.
I generated the private key using the command below:
openssl pkcs12 -in MCENCK.p12 -nodes | openssl rsa -outform pem -out pkcs1-key.pem
It generated a file starting like the below:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDY1AJL8U9btcRB ...
I am unable to get the private key I need to sign the header using the crypto library or public_key. Any idea about the support of PKCS12 in Elixir or Erlang?
By the way, the link below contains the same thing I am trying to achieve, but using JavaScript written by the MC team:
Thanks in advance.