1PKICertImport(1)          PKI certificate import tool         PKICertImport(1)
2
3
4

NAME

6       PKICertImport  -  Used  to safely validate and import certificates into
7       the NSS database.
8
9

SYNOPSIS

11       Usage: PKICertImport -d <location of nssdb> -i  <location  of  certifi‐
12       cate>  -n  <nickname for certificate> -t <trust flags> -u <usage flags>
13       [-h <hardware token name>] [-f <password file>] [-a]
14
15       Validate and import a certificate into the specified NSS database. Ver‐
16       ifies  signature, trust chain, trust, and usage flags. If a certificate
17       is not valid, it will not be added to the NSS DB or specified  hardware
18       token.
19
20

DESCRIPTION

22       The certificate import utility validates signature, trust chain, trust,
23       and usage flags before importing a certificate into the  specified  NSS
24       database.  This  ensures that no certificate is used before its authen‐
25       ticity has been verified. Unlike certutil, only one invocation is  nec‐
26       essary to both validate and import certificates.
27
28       See  certutil  for  more information about the parameters to PKICertIm‐
29       port.
30
31

OPTIONS

33       PKICertImport parameters:
34
35       --ascii, -a
36              The certificate is encoded in  ASCII  (PEM)  format  instead  of
37              binary format. Optional.
38
39
40       --database, -d <location of NSS db>
41              The  directory  containing the NSS database. This is usually the
42              client's personal directory. Required.
43
44
45       --password, -f <location of password file>
46              The path to a file containing the password to the NSS  database.
47              Optional.
48
49
50       --hsm, -h <hardware token name>
51              Name of the token. By default it takes 'internal'. Optional.
52
53
54       --certificate, -i <location of certificate>
55              Path to the certificate to import. Required.
56
57
58       --nickname, -n <nickname for the certificate>
59              Nickname for the certificate in the NSS DB. Required.
60
61
62       --trust, -t <NSS trust flags>
63              Trust  flags for the certificate. See certutil for more informa‐
64              tion about the available trust flags. Required.
65
66
67       --usage, -u <NSS usage flags>
68              Usage to validate the certificate against. See certutil for more
69              information about available usage flags. Required.
70
71

AUTHORS

73       Alexander Scheel <ascheel@redhat.com>.
74
75
77       Copyright (c) 2019 Red Hat, Inc. This is licensed under the GNU General
78       Public License, version 2 (GPLv2). A copy of this license is  available
79       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
80
81
82
83version 10.6                     Jan 30, 2019                 PKICertImport(1)
Impressum