How to export p12 with a "friendly name"?

[bimmerdriver]

I'm trying to use XCA to duplicate a procedure that is originally for openssl.

I'm not clear how to accomplish this step: openssl pkcs12 -export -in NAME.crt -inkey NAME.key -out NAME.p12 -name securekey

Here is the portion of the openssl man page that describes the -name option:

-name friendlyname
This specifies the "friendly name" for the certificates and private key. This name is typically displayed in list boxes by software importing the file.

I can rename the file from .pfx to .p12, but I'm not sure how to create a "friendly name".

Thanks.

[chris2511]

XCA uses the internal name of the end-entity certificate as "Friendly Name" and the CSP can also be set as described here

[bimmerdriver]

Thank you for replying.

If I export the key as key.pk8 and the certificate as certificate.crt, then use openssl to sign the certificate and apply the friendly name "securekey", the resulting filename is certificate.p12 and inside the certificate, the names are securekey and securekey_key, which is required by the system it's used for.

If I change the internal name of the certificate to securekey within xca and export certificate and key as a p12, the names are as required, but the filename is also securekey.crt. Since I have to generate similar certificates (except for the CN and other related details) for several hosts, I would have to manually rename the each of the files as I export them. It would be nice if the friendly name was independent of the filename.

I'm not clear what the purpose of CSP declaration is. I was hoping it would be a work-around to accomplish what I'm trying to achieve. I tried entering CSP: securekey in both the key and the certificate, but it didn't appear to do anything. Am I missing something?

This is an aside, but it would be really helpful if xca could "copy" the format from an existing file so it could be used to select the format for export. I was able to figure out the formats using google, but since xca can figure them out instantaneously, it would be really helpful if was possible to "copy" it.