Skip to content

Instantly share code, notes, and snippets.

@alifhaikal88

alifhaikal88/AXP - PKCS12_Generation_Guide.md

Last active July 25, 2025 01:20
Show Gist options
  • Save alifhaikal88/8ac259d4958060738431dd4f1b4bc241 to your computer and use it in GitHub Desktop.
Save alifhaikal88/8ac259d4958060738431dd4f1b4bc241 to your computer and use it in GitHub Desktop.
Download ZIP
AXP - PKCS#12 Certificate Generation Guide
Raw
AXP - PKCS12_Generation_Guide.md

PKCS#12 Certificate Generation Guide

Overview

This guide documents the process of generating a PKCS#12 certificate file from Sectigo SSL certificates for use with Spring Boot applications.

Prerequisites

  • SSL certificate files from Sectigo
  • Private key file (generated during CSR creation)
  • OpenSSL installed on the system

Available Files

STAR_axaipay_my/
├── 2025ssl.csr                                                    # Certificate Signing Request
├── 2025ssl.key                                                    # Private Key
├── STAR_axaipay_my.crt                                           # Main SSL Certificate
├── SectigoPublicServerAuthenticationCADVR36.crt                  # Intermediate Certificate
├── SectigoPublicServerAuthenticationRootR46_USERTrust.crt       # Root Certificate
└── USERTrustRSACertificationAuthority.crt                       # Root Authority Certificate

Step-by-Step Process

Step 1: Create Certificate Chain Bundle

Combine the main certificate with intermediate certificates to create a complete chain:

cd "/Users/alifhaikal88/Documents/COMPANY/AXAIPAY/SSL/Axaipay SSL 2026/STAR_axaipay_my"
cat STAR_axaipay_my.crt SectigoPublicServerAuthenticationCADVR36.crt SectigoPublicServerAuthenticationRootR46_USERTrust.crt > certificate_chain.crt

Step 2: Generate PKCS#12 File

Create the PKCS#12 file with the private key, certificate, and chain:

openssl pkcs12 -export \
  -out axaipay_my.p12 \
  -inkey 2025ssl.key \
  -in STAR_axaipay_my.crt \
  -certfile certificate_chain.crt \
  -name "*.axaipay.my SSL Certificate" \
  -passout pass:"bayar@xai123$"

Step 3: Verify the Generated File

Check the file was created successfully:

ls -la *.p12

Verify the PKCS#12 structure:

openssl pkcs12 -info -in axaipay_my.p12 -noout -passin pass:"bayar@xai123$"

Spring Boot Configuration

Current Configuration

The PKCS#12 file is configured for use with Spring Boot:

# SSL configuration
server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:keystore/axaipay_my.jks
server.ssl.key-store-password=bayar@xai123$

Usage Notes

  1. File Location: Place axaipay_my.p12 in src/main/resources/keystore/ directory
  2. File Extension: Update configuration to use .p12 extension instead of .jks
  3. Password: The keystore password matches the configuration: bayar@xai123$

Updated Spring Boot Configuration

server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:keystore/axaipay_my.p12
server.ssl.key-store-password=bayar@xai123$

Commands Summary

# Navigate to certificate directory
cd "/Users/alifhaikal88/Documents/COMPANY/AXAIPAY/SSL/Axaipay SSL 2026/STAR_axaipay_my"

# Create certificate chain
cat STAR_axaipay_my.crt SectigoPublicServerAuthenticationCADVR36.crt SectigoPublicServerAuthenticationRootR46_USERTrust.crt > certificate_chain.crt

# Generate PKCS#12 file
openssl pkcs12 -export -out axaipay_my.p12 -inkey 2025ssl.key -in STAR_axaipay_my.crt -certfile certificate_chain.crt -name "*.axaipay.my SSL Certificate" -passout pass:"bayar@xai123$"

# Verify generation
ls -la *.p12
openssl pkcs12 -info -in axaipay_my.p12 -noout -passin pass:"bayar@xai123$"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment