How to use pfx (.p12) file with a passphrase as certificate in Kong service?

curl -i -X POST kong-ip:8001/certificates \
  -F "cert=@/home/xyz/Downloads/abc.cer" \
  -F "key=@/home/xyz/Downloads/abcdef.p12" \
  -F "snis=something.com"

I tried the above cURL but it doesn’t work. The .p12 file has a passphrase, not sure how to give that.

Can anyone please help me re-create this Postman certification adding procedure in Kong service?

p12 is pkcs12 format which means it contains both key and cert.

You need to export your key out.

Hi fomm,
Thanks for responding. I followed the steps in [1] to extract the 2 .pem files. I was not able to choose to skip entering passphrase of private key - gave me an error when I tried -

139825914426560:error:28078065:UI routines:UI_set_result_ex:result too small:…/crypto/ui/ui_lib.c:903:You must type in 4 to 1024 characters.

So even though I have two .pem files now and I’m using the curl given in my original post, it’s giving me this error:

{"message":"schema violation (key: invalid key: pkey.new:load_key: asn1/tasn_dec.c:309:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error)","code":2,"fields":{"key":"invalid key: pkey.new:load_key: asn1/tasn_dec.c:309:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error"},"name":"schema violation"}

[1] openssl - Extract public/private key from PKCS12 file for later use in SSH-PK-Authentication - Stack Overflow

Any idea how to resolve?

There seems to be an issue with your cert/key.

From reading https://support.f5.com/csp/article/K63115154

Are you using a password protected key file?

Yes, it’s a password protected key file

Then you should remove the password on your key and try again.
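The steps the replies describe (export the key from the .p12, without a passphrase), as an added example that is not part of the thread. The function names, the passphrase file and the throwaway demo bundle are assumptions made for illustration; `kong-ip` and the form fields are the ones from the original post.

```shell
# Added example: split a passphrase-protected .p12 into a PEM certificate and
# an unencrypted PEM key, then check the pair before giving it to Kong.

# p12_to_pem BUNDLE.p12 PASSFILE CERT_OUT KEY_OUT
# PASSFILE holds the passphrase on its first line, so it stays out of the
# process list and the shell history.
p12_to_pem() {
    (
        umask 077   # the key is written unencrypted: owner-only files
        # Leaf certificate only; the x509 pass drops the "Bag Attributes" text.
        openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts |
            openssl x509 -out "$3" || exit 1
        # Key only; -nodes (-noenc on OpenSSL 3) writes it without a passphrase.
        openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes |
            openssl pkey -out "$4"
    )
}

# pem_key_is_plain KEY: true only for a PEM private key that is not encrypted.
pem_key_is_plain() {
    grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1" &&
        ! grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$1"
}

# key_matches_cert CERT KEY: true if both files carry the same public key.
key_matches_cert() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout)" ]
}

# kong_upload CERT KEY SNI: the Admin API call from the original post, with
# the extracted PEM key in place of the .p12.
kong_upload() {
    curl -i -X POST kong-ip:8001/certificates \
        -F "cert=@$1" -F "key=@$2" -F "snis=$3"
}

# demo: build a throwaway self-signed bundle (constructed sample data), convert
# it and print "ok" if the result is a plain key that matches the certificate.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-passphrase' > "$d/pass"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=something.com' \
        -keyout "$d/src.key" -out "$d/src.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/src.key" -in "$d/src.crt" \
        -passout "file:$d/pass" -out "$d/bundle.p12" &&
    p12_to_pem "$d/bundle.p12" "$d/pass" "$d/cert.pem" "$d/key.pem" &&
    pem_key_is_plain "$d/key.pem" && key_matches_cert "$d/cert.pem" "$d/key.pem" &&
    echo ok
    rc=$?; rm -rf "$d"; return $rc
}
if [ "${1:-}" = demo ]; then demo; fi
```

The extracted key sits on disk unencrypted, so remove it (and the passphrase file) once Kong has accepted the certificate.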