PKCS12 Keystore Support in Phoenix

Hi,

I am working on a project where I am trying to use a PKCS12 keystore with a password for storing my Web Certificate and Private Key files for my Phoenix Web Server, as opposed to passing in the real file paths for the :certfile and :keyfile options in the https options of the Phoenix Endpoint config.

The reason for this is security: we don’t want to keep the real files in the open on our filesystem.

Has anyone tried this before? I haven’t been able to find much support online for doing this.

Thanks in advance for any help.

3 Likes

You can’t use PKCS12 files directly, but that doesn’t mean you have to store the private key in plaintext. You can extract the certificate and key to PEM format using OpenSSL, and set a passphrase for the key. You then pass the ‘:certfile’ and ‘:keyfile’ params, along with the ‘:password’ option.

Or do you mean an external keystore using a PKCS11 interface?

5 Likes
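The extraction described in the reply above, as an added example that is not part of the original post: it splits a PKCS12 bundle into a certificate PEM and a passphrase-encrypted key PEM, then checks that the key really is encrypted and still matches the certificate. The environment variable names `P12_PASS` and `KEY_PASS`, the function names and the throwaway self-signed bundle are assumptions made for the example; the resulting `cert.pem` and `key.pem` are what `:certfile` and `:keyfile` would point at, with the key passphrase supplied through `:password`.

```bash
#!/usr/bin/env bash
# Added example: split a PKCS12 bundle into cert.pem and a passphrase-encrypted
# key.pem. Passphrases are read from the environment (P12_PASS, KEY_PASS; both
# names are assumptions) so they never appear in argv or shell history.

# extract_p12 <bundle.p12> <outdir>
# -nokeys writes only the certificate; -nocerts writes only the key. Because
# -nodes/-noenc is NOT given, the key is written encrypted under -passout.
extract_p12() {
  ( umask 077 && mkdir -p "$2" &&
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys -out "$2/cert.pem" &&
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -passout env:KEY_PASS \
      -out "$2/key.pem" )
}

# True if the PEM key is encrypted (PKCS#8 or traditional header).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# key_opens_with <key.pem> <ENV_VAR_NAME>: true if that passphrase decrypts it.
key_opens_with() { openssl pkey -in "$1" -passin "env:$2" -noout 2>/dev/null; }

# True if cert.pem and key.pem in <dir> carry the same public key.
cert_matches_key() {
  [ "$(openssl x509 -in "$1/cert.pem" -noout -pubkey)" = \
    "$(openssl pkey -in "$1/key.pem" -passin env:KEY_PASS -pubout)" ]
}

# Constructed sample input: throwaway self-signed cert bundled as <dir>/demo.p12.
make_demo_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=localhost" -days 1 \
    -keyout "$1/plain.key" -out "$1/plain.crt" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$1/plain.key" -in "$1/plain.crt" \
    -passout env:P12_PASS -out "$1/demo.p12" &&
  rm -f "$1/plain.key" "$1/plain.crt"
}

demo() {
  local d; d=$(mktemp -d)
  export P12_PASS=constructed-p12-pass KEY_PASS=constructed-key-pass
  make_demo_p12 "$d" && extract_p12 "$d/demo.p12" "$d/out" &&
    key_is_encrypted "$d/out/key.pem" && cert_matches_key "$d/out" &&
    echo "ok: $d/out/cert.pem and encrypted $d/out/key.pem"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to exercise it against the constructed bundle; for a real keystore, export the two passphrases and call `extract_p12` directly.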

Thanks for your help @voltone, I think we will end up having to do just that.

We initially wanted the PKCS12 format, but as long as it is encrypted, even in PEM format, I think we will be okay.