I am trying to generate a p12 certificate for a created user using the EJBCA SOAP API in a Python environment. The docs inform me to use the following request: pkcs12Req, which returns Java keystore data encoded in base64 format. How do I use that data to create a .p12 file in a Python environment without using the Java SDK, or is that not possible?
```java
// A new PK12 request now should return the same key and certificate
KeyStore ksenv2 = ejbcaraws.pkcs12Req(CA1_WSTESTUSER1, "foo456", null, "1024", AlgorithmConstants.KEYALGORITHM_RSA);
java.security.KeyStore ks2 = KeyStoreHelper.getKeyStore(ksenv2.getKeystoreData(), "PKCS12", "foo456");
assertNotNull(ks2);
en = ks2.aliases();
alias = (String) en.nextElement();
X509Certificate cert2 = (X509Certificate) ks2.getCertificate(alias);
assertEquals(cert2.getSubjectDN().toString(), getDN(CA1_WSTESTUSER1));
PrivateKey privK2 = (PrivateKey) ks2.getKey(alias, "foo456".toCharArray());
```
The pkcs12Req command returns a base64-encoded PKCS#12 keystore. If you base64 decode it, you will get a binary blob/file that can be parsed with any standard tools, like openssl. I'm not familiar with a native Python command for PKCS#12, but with openssl it is:
It seems you can use pyOpenSSL to parse it (base64 decode it as well, I think), as described in another Stack Overflow post.
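The decode-and-save step described in the answer above, as an added Python example that is not part of the original posts. It assumes `keystore_data` is the base64 text taken from the `keystoreData` field of the pkcs12Req response; the function names `decode_keystore` and `write_p12` are hypothetical.

```python
import base64
import binascii
import os


def decode_keystore(keystore_data):
    """Base64-decode pkcs12Req keystore data and sanity-check the PFX header."""
    if isinstance(keystore_data, str):
        keystore_data = keystore_data.encode("ascii")
    # Drop line breaks/whitespace a SOAP client may leave in the text.
    compact = b"".join(keystore_data.split())
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        raise ValueError("keystore data is not valid base64") from exc
    # PKCS#12 (RFC 7292): PFX ::= SEQUENCE { version INTEGER (3), ... }
    if len(der) < 5 or der[0] != 0x30:
        raise ValueError("decoded data is not an ASN.1 SEQUENCE")
    first = der[1]
    # Short form: one length byte. Long form: 0x80 | n followed by n length
    # bytes (n == 0 is the BER indefinite form).
    body = 2 + ((first & 0x7F) if first & 0x80 else 0)
    if der[body:body + 3] != b"\x02\x01\x03":
        raise ValueError("not a PKCS#12 PFX (version 3) structure")
    return der


def write_p12(keystore_data, path):
    """Write the decoded keystore to `path`; returns the number of bytes written."""
    der = decode_keystore(keystore_data)
    # The file holds a private key: create it owner-only and never overwrite.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(der)
    return len(der)


if __name__ == "__main__":
    # Constructed stub (a bare PFX header, not a real keystore) standing in
    # for the base64 text returned by pkcs12Req.
    print(len(decode_keystore("MAMCAQM=")), "bytes decoded")
```

The bytes written are the PKCS#12 file itself, so no Java tooling is involved. To read the key and certificate in Python, the `cryptography` package's `pkcs12.load_key_and_certificates(data, password)` accepts the same decoded bytes together with the password passed to pkcs12Req.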