I know that it is possible to convert a PEM (x509) certificate to plain text using OpenSSL the following way:
openssl x509 -in some.pem -text
Yet I cannot find -text option for openssl pkcs12 command. The closest that I have found so far is -info option yet its output much less informative than that of x509 -text.
Is there some limitation of PKCS#12 certificate files not allowing to get the plain text info?
Is there some limitation of PKCS#12 certificate files not allowing to get the plain text info?
No, it's a matter of software design. Having the -export option under openssl pkcs12 is a hint that OpenSSL treats PKCS#12 as a foreign format – support for this format isn't integrated into the library but confined into its own corner with manual import/export operations and its only purpose within OpenSSL is to act as an encrypted archive for transport between OpenSSL and "other systems".
(For example, a PKCS#12 archive can contain multiple sets of certificates and keys, and this didn't really fit the traditional OpenSSL model of loading a single key identified solely by file name – it did not have a concept of a "key store" until version 3.0 or something like that.)
So the only job of openssl pkcs12 is to extract the contents of the PKCS#12 file into an OpenSSL "native" format (basically equivalent to unzip for a .zip file), and then you can load the results and get information about those contents:
openssl pkcs12 -in foo.pfx -nodes | openssl x509 -noout -text
Java, on the other hand, already treats PKCS#12 as its native "keystore" format, so you can use its keytool to directly get information about the certificates inside of a .p12 file:
keytool -list -keystore foo.pfx -v
