It's fairly straightforward to use. This isn't tested, but should work:

```python
# load OpenSSL.crypto
from OpenSSL import crypto

# open it, using password. Supply/read your own from stdin.
p12 = crypto.load_pkcs12(open("/path/to/cert.p12", 'rb').read(), passwd)

# get various properties of said file.
# note these are PyOpenSSL objects, not strings although you
# can convert them to PEM-encoded strings.
p12.get_certificate()      # (signed) certificate object
p12.get_privatekey()       # private key.
p12.get_ca_certificates()  # ca chain.
```

For more examples, have a look through the unit test code of pyopenssl. Pretty much every way you might want to use the library is there.
See also here or without adverts here.
Answer from user257111 on Stack Overflow Top answer 1 of 3
48
2 of 3
20
As pyOpenSSL.crypto.load_pkcs12 is now deprecated, here is the equivalent solution using cryptography, with loading inside a requests Session as a bonus.
```python
import tempfile

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.serialization import pkcs12
from requests import Session

# CLIENT_CERT_KEY is the PKCS#12 passphrase (a str), defined elsewhere.
with open("./cert.p12", "rb") as f:
    (
        private_key,
        certificate,
        additional_certificates,
    ) = pkcs12.load_key_and_certificates(
        f.read(), CLIENT_CERT_KEY.encode()
    )
# key will be available in user readable temporary file for the time of the
# program run (until key and cert get gc'ed)
key = tempfile.NamedTemporaryFile()
cert = tempfile.NamedTemporaryFile()
key.write(
    private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption(),
    )
)
key.flush()
cert.write(
    certificate.public_bytes(serialization.Encoding.PEM),
)
cert.flush()
session = Session()
session.cert = (cert.name, key.name)
```
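Added example (not part of either answer, and not pyOpenSSL or cryptography project code): the three getters from the first answer map onto the tuple returned by `pkcs12.load_key_and_certificates`, with a check that the key belongs to the certificate and an explicit failure on a wrong passphrase. It builds a constructed, throwaway PKCS#12 bundle in memory so it runs offline; `make_sample_p12`, `load_p12` and `cert_pem` are names assumed here.

```python
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

SPKI = (serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)


def make_sample_p12(password: bytes) -> bytes:
    """Build a constructed self-signed identity so the example runs offline."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed.example")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    enc = serialization.BestAvailableEncryption(password)
    return pkcs12.serialize_key_and_certificates(b"sample", key, cert, None, enc)


def load_p12(data: bytes, password: bytes):
    """Return (key, cert, ca_chain); ValueError on bad password or mismatch."""
    # Replaces p12.get_privatekey() / get_certificate() / get_ca_certificates().
    key, cert, chain = pkcs12.load_key_and_certificates(data, password)
    if key is None or cert is None:
        raise ValueError("PKCS#12 bundle has no private key or certificate")
    # Compare the encoded public keys so the check works for any key type.
    if key.public_key().public_bytes(*SPKI) != cert.public_key().public_bytes(*SPKI):
        raise ValueError("private key does not match certificate")
    return key, cert, list(chain)


def cert_pem(cert) -> str:
    """PEM text of a certificate object (the conversion the first answer mentions)."""
    return cert.public_bytes(serialization.Encoding.PEM).decode()
```
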
GitHub
github.com › ShutdownRepo › pywhisker › issues › 17
module 'OpenSSL.crypto' has no attribute 'PKCS12' · Issue #17 · ShutdownRepo/pywhisker
July 20, 2024 - pywhisker.py -d example.com -u computer\$ -H 2dfcebbe9f5f4cb3bf98032887be37b6 --target User -a add [*] Searching for the target account [*] Target user found: CN=User,CN=Users,DC=example,DC=com [*] Generating certificate [*] Certificate generated [*] Generating KeyCredential [*] KeyCredential generated with DeviceID: 57ec5c73-45e5-b734-b029-8432954b1352 [*] Updating the msDS-KeyCredentialLink attribute of User [+] Updated the msDS-KeyCredentialLink attribute of the target object [!] module 'OpenSSL.crypto' has no attribute 'PKCS12'
Author h3retic
GitHub
github.com › fortra › impacket › issues › 1716
PyOpenSSL has removed deprecated PKCS12 breaking --shadow-credentials in ntlmrelayx.py · Issue #1716 · fortra/impacket
March 18, 2024 - ntlmrelayx.py -t ldaps://domain.com --shadow-credentials -smb2support --no-dump [*] Generating certificate [*] Certificate generated [*] Generating KeyCredential [*] KeyCredential generated with DeviceID: c6ec8e65-6dcf-d624-a64b-07680619cab3 [*] Updating the msDS-KeyCredentialLink attribute of ABC-123$ [*] Updated the msDS-KeyCredentialLink attribute of the target object Exception in thread Thread-7: Traceback (most recent call last): File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner self.run() File "/home/redacted/.local/share/pipx/venvs/impacket/lib/python3.11/site-pack
Author pwnf
Pyopenssl
pyopenssl.org › en › 0.15.1 › api › crypto.html
crypto — Generic cryptographic module — pyOpenSSL 0.15.1 documentation
Load pkcs12 data from the string buffer. If the pkcs12 structure is encrypted, a passphrase must be included.
Pyopenssl
pyopenssl.org › en › latest › changelog.html
Changelog — pyOpenSSL 26.0.0 documentation
Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead.
GitHub
github.com › URenko › Accesser › issues › 152
AttributeError: module 'OpenSSL.crypto' has no attribute 'load_pkcs12' · Issue #152 · URenko/Accesser
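October 26, 2023 - After upgrading cryptography and pyopenssl to the latest versions, OpenSSL.crypto.load_pkcs12 (used at importca.py#L61) has been removed, and the one-click program automatically built from 5986dc1 cannot run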
Author moi-si
GitHub
github.com › ikreymer › certauth › issues
Issues · ikreymer/certauth
AttributeError: module 'OpenSSL.crypto' has no attribute 'load_pkcs12' #23 opened · Dec 5, 2023 by OTLabs · Please tag the releases · #15 opened · Sep 2, 2021 by Luflosi
Author ikreymer
GitHub
github.com › aio-libs › aiohttp › issues › 4919
AttributeError: module 'ssl' has no attribute 'SSLContext' · Issue #4919 · aio-libs/aiohttp
August 16, 2020 - 🐞 Describe the bug Any usage of aiohttp is causing an error. It looks like this is an issue related to libraries that have changed as SSL/TLS versions have changed, but my knowledge of Python is ve...
Author tallgaijin
GitHub
github.com › ThePorgs › Exegol-images › issues › 367
[BUG] Impacket 'OpenSSL.crypto' has no attribute 'PKCS12' · Issue #367 · ThePorgs/Exegol-images
June 24, 2024 - There is an issue with the PyOpenSSL library used by Impacket. Indeed, we encounter the following error when trying, for example, to retrieve an ADCS certificate : AttributeError: module 'OpenSSL.crypto' has no attribute 'PKCS12'
Author chemoms
Python
docs.python.org › 3 › library › ssl.html
ssl — TLS/SSL wrapper for socket objects — Python 3.14.4 ...
The settings are: PROTOCOL_TLS_CLIENT or PROTOCOL_TLS_SERVER, OP_NO_SSLv2, and OP_NO_SSLv3 with high encryption cipher suites without RC4 and without unauthenticated cipher suites. Passing SERVER_AUTH as purpose sets verify_mode to CERT_REQUIRED and either loads CA certificates (when at least one of cafile, capath or cadata is given) or uses SSLContext.load_default_certs() to load default CA certificates.
GitHub
github.com › interlockledger › interlockledger-rest-client-python › issues › 1
PyOpenSSL load_pkcs12 is deprecated · Issue #1 · interlockledger/interlockledger-rest-client-python
March 31, 2021 - load_pkcs12 is deprecated, need to change to the following method adapt the rest of the code. Check; Ref 1 Ref 2 Source Change the loading method for PKCS12 certificates Update the PFX to PEM method
Author chinodyt
GitHub
github.com › pywbem › pywbem › issues › 1769
python3: AttributeError: 'SSLContext' object has no attribute 'load_cert' · Issue #1769 · pywbem/pywbem
June 10, 2019 - When using python3 I am seeing an AttributeError for load_cert(). I do not see this defined in the python3 documentation for the SSLContext object. # cat t.py #!/usr/bin/env python import platform ...
Author markpeek
PyPI
pypi.org › project › pyOpenSSL
pyOpenSSL · PyPI
Removed OpenSSL.crypto.load_pkcs7 and OpenSSL.crypto.load_pkcs12 which had been deprecated for 3 years.
» pip install pyOpenSSL
Published Apr 24, 2026
Version 26.1.0
Repository https://github.com/pyca/pyopenssl
Homepage https://pyopenssl.org/
Pyopenssl
pyopenssl.org › en › stable › changelog.html
Changelog — pyOpenSSL 25.3.0 documentation
Removed deprecated ContextType, ConnectionType, PKeyType, X509NameType, X509ReqType, X509Type, X509StoreType, CRLType, PKCS7Type, PKCS12Type, and NetscapeSPKIType aliases. Use the classes without the Type suffix instead.
GitHub
github.com › oddcod3 › Phantom-Evasion › pull › 89
Fixed OpenSSL.crypto has no attribute PKCS12Type problem by alianjo · Pull Request #89 · oddcod3/Phantom-Evasion
November 6, 2023 - I changed PKCS12Type to PKCS12 cuz i had "OpenSSL.crypto has no attribute PKCS12Type problem" with python3 in kali 2020.4
Author oddcod3
GitHub
github.com › libreswan › libreswan › issues › 1990
`AttributeError: module 'OpenSSL.crypto' has no attribute 'PKCS12'` under f41 · Issue #1990 · libreswan/libreswan
January 7, 2025 - You should use the APIs in cryptography. cert.add_extensions([crypto.X509Extension(kind.encode('utf-8'), crit, string.encode('utf-8'))]) - creating otherca - creating badca creating mainca's end certs - creating nic EE:nic Traceback (most recent call last): File "/tmp/x509/./dist_certs.py", line 941, in <module> main() ~~~~^^ File "/tmp/x509/./dist_certs.py", line 925, in main run_dist_certs() ~~~~~~~~~~~~~~^^ File "/tmp/x509/./dist_certs.py", line 897, in run_dist_certs create_mainca_end_certs(mainca_end_certs) ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^ File "/tmp/x509/./dist_certs.py", line 5
Published Jan 07, 2025