Getting the serial number of a certificate stored in pkcs12

When saving a client certificate from a Mozilla application to disk – like getting it out initially after it's been installed from the cacert website – the certificate is inside a PKCS12 container.

To uniquely identify a certificate, it is useful to know its serial number, especially if you have several certificates that are similar and have gotten renewed several times, so there is more than one version of "the same" certificate around.

To learn the serial number from a p12 file, I use this line:

openssl pkcs12 -in <container>.p12 -clcerts -passout pass:"" | openssl x509 -serial -noout

Usually the certificate will be encrypted, so you have to type in the password that was used on export.