cannot view the certificate in a pem file converted from pkcs12 file, exported from NSS database with pk12util command.

Solution Unverified - Updated -


  • I created a CA certificate, a service certificate, and those private keys into a NSS database with certutil command.
  • I saved the CA certificate with PKCS12 format with pk12util command.
# pk12util -o cacert.p12 -n "CA Certificate" -d . 
  • I converted it into pem format with openssl pkcs12 command.
#  openssl pkcs12 -in cacert.p12 -cacerts -aes128 -out cacert.pem
  • Then, I tried viewing the .pem file with openssl x509 command, but it failed with the following error.
# openssl x509 -in cacert.pem -text -noout
unable to load certificate
139773134608288:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE


Red Hat Enterprise Linux 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In