Export certificates for browsers
We’ve been handling certificates in the pem format, but browsers and other applications usually require pkcs12. We can do the conversion using openssl:
openssl pkcs12 -export \
-out certs/foo.p12 \
-in certs/foo.pem \
-inkey certs/foo-key.pem \
-name foo.clients.pki.your.domain.tld \
-certfile intermediate/intermediate-01.pem \
-certfile ca/ca.pem
This will create certs/foo.p12
, which applications seem to load.