eHealth PKCS#12 via OpenSSL

It is possible to split the eHealth PKCS#12 file that has 2 private keys into 2 separate PKCS#12 files that have one private key each. These new files are then directly usable in .NET.

The best way to do this split is via the OpenSSL tool, a freeware tool that can be downloaded here. In order to make it easier, I provided a script, split.bat, that makes it very easy. It is part of the source code, in the "pkcs12" module.


Starting the script

The script is named split or split.bat

It requires 2 parameters.
  • The first parameter is the path to the file
  • The second parameter is the password of the file

The path to the file can't contain any spaces (sorry for that) and can't be surrounded by quotes.

The password parameter isn't just the bare password: for security reasons it can be provided in different forms, such as the pass:test001 form used in the example run below. See here for the documentation.


Afterward you will get 2 PKCS#12 files, both with the same password as the original file.


c:> split dummy.p12 pass:test001

Detecting openssl (version)
OpenSSL 1.0.0c 2 Dec 2010

Convert p12 to text format

Looking for entries
        Found key: encryption
        Found key: authenication
        Found certificate: CN=cert1,O=InternetWidgitsPtyLtd,ST=Some-State,C=AU
        Found certificate: CN=cert1,O=InternetWidgitsPtyLtd,ST=Some-State,C=AU
        Found certificate: CN=IntCa,O=InternetWidgitsPtyLtd,ST=Some-State,C=AU
        Found certificate: CN=CA,O=InternetWidgitsPtyLtd,ST=Some-State,C=AU

Creating new p12 files (using same password)
        Creating file D:\Java\snapshots\ehi\pkcs12\test\dummy_authenication.p12
        Creating file D:\Java\snapshots\ehi\pkcs12\test\dummy_encryption.p12

DONE, yeeha
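
The "Looking for entries" step of the run above, as an added Python example (not the code of split.bat): it parses the text output of `openssl pkcs12 -in FILE` and decides which entries go into each new file. It assumes each key is paired with its certificate through the localKeyID bag attribute, which the page does not confirm; `parse_dump`, `plan_split` and the sample dump are constructed for illustration.

```python
import re

# One bag in the text output of `openssl pkcs12 -in FILE`: attributes, header lines, PEM.
BAG = re.compile(
    r"Bag Attributes(?:: <No Attributes>)?\n(?P<attrs>(?:[ \t]+.*\n)*)"
    r"(?P<head>(?:(?!-----BEGIN).*\n)*)"
    r"(?P<pem>-----BEGIN (?P<type>[A-Z ]+)-----\n(?:.*\n)*?-----END (?P=type)-----\n?)")

def parse_dump(text):
    """Return one dict per bag: kind, name, key_id, subject, pem."""
    entries = []
    for m in BAG.finditer(text):
        attrs = dict(re.findall(r"^[ \t]+(\w+): *(.*)$", m["attrs"], re.M))
        subject = re.search(r"^subject=\s*(.*)$", m["head"], re.M)
        entries.append({"kind": "key" if "PRIVATE KEY" in m["type"] else "certificate",
                        "name": attrs.get("friendlyName"),
                        "key_id": attrs.get("localKeyID", "").strip() or None,
                        "subject": subject.group(1) if subject else None, "pem": m["pem"]})
    return entries

def plan_split(entries):
    """Map each key's friendlyName to the bags that belong in its own p12."""
    certs = [e for e in entries if e["kind"] == "certificate"]
    chain = [c for c in certs if c["key_id"] is None]  # assumption: CA certs have no localKeyID
    plan = {}
    for key in (e for e in entries if e["kind"] == "key"):
        own = [c for c in certs if c["key_id"] is not None and c["key_id"] == key["key_id"]]
        if len(own) != 1:  # refuse to guess which certificate belongs to the key
            raise ValueError(f"{key['name']}: {len(own)} matching certificates")
        plan[key["name"]] = [key] + own + chain
    return plan

def _bag(kind, head, name=None, key_id=None):  # one constructed bag, placeholder PEM body
    attrs = f"\n    friendlyName: {name}\n    localKeyID: {key_id}\n" if name else ": <No Attributes>\n"
    return f"Bag Attributes{attrs}{head}-----BEGIN {kind}-----\nQ09OU1RSVUNURUQ=\n-----END {kind}-----\n"

DN = "/C=AU/ST=Some-State/O=InternetWidgitsPtyLtd/CN="
KEY_HEAD = "Key Attributes: <No Attributes>\n"
SAMPLE_DUMP = "MAC verified OK\n" + "".join([  # constructed, modelled on the run above
    _bag("PRIVATE KEY", KEY_HEAD, "encryption", "01 02"),
    _bag("PRIVATE KEY", KEY_HEAD, "authenication", "0A 0B"),
    _bag("CERTIFICATE", f"subject={DN}cert1\nissuer={DN}IntCa\n", "encryption", "01 02"),
    _bag("CERTIFICATE", f"subject={DN}cert1\nissuer={DN}IntCa\n", "authenication", "0A 0B"),
    _bag("CERTIFICATE", f"subject={DN}IntCa\nissuer={DN}CA\n"),
    _bag("CERTIFICATE", f"subject={DN}CA\nissuer={DN}CA\n")])

if __name__ == "__main__":
    for name, bags in plan_split(parse_dump(SAMPLE_DUMP)).items():
        print(name, [b["subject"] or "private key" for b in bags])
```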

Last edited Jan 29, 2011 at 11:01 AM by egelke, version 2