1pki-pkcs12(1)          PKI PKCS #12 Management Commands          pki-pkcs12(1)
2
3
4

NAME

6       pki-pkcs12  - Command-Line Interface for managing certificates and keys
7       in PKCS #12 file.
8
9

SYNOPSIS

11       pki [CLI options] pkcs12
12       pki [CLI options] pkcs12-export [command options]
13       pki [CLI options] pkcs12-import [command options]
14       pki [CLI options] pkcs12-cert [command options]
15       pki [CLI options] pkcs12-key [command options]
16
17

DESCRIPTION

19       The pki pkcs12 commands provide command-line interfaces to manage  cer‐
20       tificate and keys in a PKCS #12 file.
21
22
23       pki [CLI options] pkcs12-export [command options]
24           This  command  is  to  export all certificates and keys from an NSS
25           database into a PKCS #12 file.
26
27       pki [CLI options] pkcs12-import [command options]
28           This command is to import all certificates and keys from a PKCS #12
29           file into an NSS database.
30
31       pki [CLI options] pkcs12-cert [command options]
32           This  command  is  to  manage individual certificates in a PKCS #12
33           file. See pki-pkcs12-cert(1).
34
35       pki [CLI options] pkcs12-key [command options]
36           This command is to import individual keys in a PKCS #12  file.  See
37           pki-pkcs12-key(1).
38
39

OPTIONS

41       The CLI options are described in pki(1).
42
43

OPERATIONS

45       To view available PKCS #12 commands, type pki pkcs12. To view each com‐
46       mand's usage, type  pki pkcs12-<command> --help.
47
48       All pki pkcs12 commands require a PKCS #12 file and its password.   The
49       PKCS  #12  file can be specified with the --pkcs12-file parameter.  The
50       password can be specified either directly  with  the  --pkcs12-password
51       parameter, or in a file with the --pkcs12-password-file parameter.
52
53       Some pki pkcs12 commands require an NSS database and its password.  The
54       NSS database location can be specified with the -d parameter  (default:
55       ~/.dogtag/nssdb).   The NSS database password can be specified with the
56       -c or the -C parameter.
57
58
59   Exporting all certificates and keys into a PKCS #12 file
60       To export all certificates and keys from an NSS database  into  a  PKCS
61       #12 file:
62
63       pki <NSS database location> <NSS database password> pkcs12-export <PKCS
64       #12 file> <PKCS #12 password> [nicknames...]
65
66       By default the command will export all certificates in  the  NSS  data‐
67       base.   To  export  certain  certificates only, specify the certificate
68       nicknames as separate arguments.
69
70       By default the command will always create a  new  PKCS  #12  file.   To
71       export into an existing PKCS #12 file, specify the --append parameter.
72
73       By  default  the command will include the certificate chain.  To export
74       without certificate chain, specify the --no-chain parameter.
75
76       By default the command will include the key of  each  certificate.   To
77       export without the key, specify the --no-key parameter.
78
79       By  default  the  command will include the trust flags of each certifi‐
80       cate.  To export without the trust flags, specify the  --no-trust-flags
81       parameter.
82
83
84   Importing certificates and keys from a PKCS #12 file
85       To  import certificates and keys from a PKCS #12 file into an NSS data‐
86       base:
87
88       pki <NSS database location> <NSS database password> pkcs12-import <PKCS
89       #12 file> <PKCS #12 password>
90
91       By  default  the  command will include all certificates in the PKCS #12
92       file.  To import without  the  CA  certificates  (certificates  without
93       keys), specify the --no-ca-certs parameter.  To import without the user
94       certificates (certificates  with  keys),  specify  the  --no-user-certs
95       parameter.
96
97       By  default the command will skip a certificate if it already exists in
98       the NSS database.  To overwrite the nickname, the key,  and  the  trust
99       flags of existing certificates, specify the --overwrite parameter.
100
101       By  default  the  command will include the trust flags of each certifi‐
102       cate.  To import without the trust flags, specify the  --no-trust-flags
103       parameter.
104
105

AUTHORS

107       Endi S. Dewata <edewata@redhat.com>.
108
109
111       Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General
112       Public License, version 2 (GPLv2). A copy of this license is  available
113       at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
114
115

SEE ALSO

117       pki-pkcs12-cert(1), pki-pkcs12-key(1)
118
119
120
121version 10.3                     Oct 28, 2016                    pki-pkcs12(1)
Impressum