
How to use SSL certs with .p12 format with Traefik


In all docs, it is mentioned to add .crt and .key to traefik.toml.

In my case, I just have a .p12 file. Is it possible to use a .p12 with Traefik?


Solution

  • Let me start with the differences between the formats. Thanks to @sysadmin1138 for the great explanation.

    PEM - Governed by RFCs, it's used preferentially by open-source software. It can have a variety of extensions (.pem, .key, .cer, .cert, more)

    DER - The parent format of PEM. It's useful to think of it as a binary version of the base64-encoded PEM file. Not routinely used very much outside of Windows.

    .pkcs12 .pfx .p12 - Originally defined by RSA in the Public-Key Cryptography Standards (abbreviated PKCS), the "12" variant was originally enhanced by Microsoft, and later submitted as RFC 7292. This is a passworded container format that contains both public and private certificate pairs. Unlike .pem files, this container is fully encrypted.

    The main info about .p12: it is a fully encrypted, passworded container.

    Take a quick look at Traefik's certificate.go

    Package tls uses only crypto/tls and crypto/x509.

    package tls
    
    import (
        "crypto/tls"
        "crypto/x509"
        ...    
    )
    

    Look at the GitHub issue "crypto/x509: reading certificates from PKCS12 files": there was an attempt to add PKCS12 cert support to crypto/x509, but in the end it was not implemented.

    As was mentioned in the comments, the right way is to convert the .p12.

    Here is an example of how to achieve it (thanks to @mulaz):

    openssl pkcs12 -in filename.pfx -nocerts -out filename.key
    
    openssl pkcs12 -in filename.pfx -clcerts -nokeys -out filename.crt 
    

    And the source of the same: "Tips: Using openssl to extract private key (.pem file) from .pfx (Personal Information Exchange)"

    Hope it helps!
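
The conversion from the answer above as one script, written as an added example that is not part of the original answer: it takes the bundle password from an assumed `P12_PASSWORD` environment variable, writes the key owner-only, and checks that the extracted certificate and key belong together. The function names, file names and the throwaway self-signed bundle are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: split a PKCS#12 bundle into the PEM pair Traefik is configured with.
# P12_PASSWORD, the function names and all file names are assumptions for illustration.
set -euo pipefail

# p12_to_pem <bundle.p12> <out-prefix>: writes <out-prefix>.crt and <out-prefix>.key.
# The bundle password comes from $P12_PASSWORD so it never appears in the process list.
p12_to_pem() {
  local p12="$1" out="$2"
  # Client (leaf) certificate only, no key material.
  openssl pkcs12 -in "$p12" -passin env:P12_PASSWORD -clcerts -nokeys -out "$out.crt"
  # Private key without a passphrase (-nodes), assuming the proxy must load it
  # unattended; umask 077 makes the file owner-only from the moment it is created.
  ( umask 077
    openssl pkcs12 -in "$p12" -passin env:P12_PASSWORD -nocerts -nodes -out "$out.key" )
}

# pem_pair_matches <cert> <key>: succeeds only if both carry the same public key.
pem_pair_matches() {
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_demo_p12 <dir>: constructed sample input, a throwaway self-signed bundle.
make_demo_p12() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example.test" \
    -keyout "$1/src.key" -out "$1/src.crt" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/src.key" -in "$1/src.crt" \
    -passout env:P12_PASSWORD -out "$1/demo.p12"
}

export P12_PASSWORD='constructed-demo-password'
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_demo_p12 "$work"
p12_to_pem "$work/demo.p12" "$work/site"
pem_pair_matches "$work/site.crt" "$work/site.key" && echo "site.crt and site.key belong together"
```

On OpenSSL 3.x, bundles protected with older algorithms such as RC2-40 may additionally need the `-legacy` option on the `openssl pkcs12` calls.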