PKCS 12

The internal storage containers, called "SafeBags", may also be encrypted and signed.

It enables buckets of complex objects such as PKCS #8 structures, nested deeply.

[citation needed] PKCS #12 files are usually created using OpenSSL, which only supports a single private key from the command line interface.

[9][10] A simpler, alternative format to PKCS #12 is PEM which just lists the certificates and possibly private keys as Base 64 strings in a text file.

However, beware that for interchangeability with other software, if the sources are in PEM Base64 text, then --outder should also be used.