1pki-pkcs12(1) PKI PKCS #12 Management Commands pki-pkcs12(1)
2
6 pki-pkcs12 - Command-Line Interface for managing certificates and keys
7 in PKCS #12 file.
8
11 pki [CLI options] pkcs12
12 pki [CLI options] pkcs12-export [command options]
13 pki [CLI options] pkcs12-import [command options]
14 pki [CLI options] pkcs12-cert [command options]
15 pki [CLI options] pkcs12-key [command options]
16
19 The pki pkcs12 commands provide command-line interfaces to manage cer‐
20 tificate and keys in a PKCS #12 file.
21 pki [CLI options] pkcs12-export [command options]
24 This command is to export all certificates and keys from an NSS
25 database into a PKCS #12 file.
26 pki [CLI options] pkcs12-import [command options]
28 This command is to import all certificates and keys from a PKCS #12
29 file into an NSS database.
30 pki [CLI options] pkcs12-cert [command options]
32 This command is to manage individual certificates in a PKCS #12
33 file. See pki-pkcs12-cert(1).
34 pki [CLI options] pkcs12-key [command options]
36 This command is to import individual keys in a PKCS #12 file. See
37 pki-pkcs12-key(1).
38
41 The CLI options are described in pki(1).
42
45 To view available PKCS #12 commands, type pki pkcs12. To view each com‐
46 mand's usage, type pki pkcs12-<command> --help.
47 All pki pkcs12 commands require a PKCS #12 file and its password. The
49 PKCS #12 file can be specified with the --pkcs12-file parameter. The
50 password can be specified either directly with the --pkcs12-password
51 parameter, or in a file with the --pkcs12-password-file parameter.
52 Some pki pkcs12 commands require an NSS database and its password. The
54 NSS database location can be specified with the -d parameter (default:
55 ~/.dogtag/nssdb). The NSS database password can be specified with the
56 -c or the -C parameter.
57 Exporting all certificates and keys into a PKCS #12 file
60 To export all certificates and keys from an NSS database into a PKCS
61 #12 file:
62 pki <NSS database location> <NSS database password> pkcs12-export <PKCS
64 #12 file> <PKCS #12 password> [nicknames...]
65 By default the command will export all certificates in the NSS data‐
67 base. To export certain certificates only, specify the certificate
68 nicknames as separate arguments.
69 By default the command will always create a new PKCS #12 file. To
71 export into an existing PKCS #12 file, specify the --append parameter.
72 By default the command will include the certificate chain. To export
74 without certificate chain, specify the --no-chain parameter.
75 By default the command will include the key of each certificate. To
77 export without the key, specify the --no-key parameter.
78 By default the command will include the trust flags of each certifi‐
80 cate. To export without the trust flags, specify the --no-trust-flags
81 parameter.
82 Importing certificates and keys from a PKCS #12 file
85 To import certificates and keys from a PKCS #12 file into an NSS data‐
86 base:
87 pki <NSS database location> <NSS database password> pkcs12-import <PKCS
89 #12 file> <PKCS #12 password>
90 By default the command will include all certificates in the PKCS #12
92 file. To import without the CA certificates (certificates without
93 keys), specify the --no-ca-certs parameter. To import without the user
94 certificates (certificates with keys), specify the --no-user-certs
95 parameter.
96 By default the command will skip a certificate if it already exists in
98 the NSS database. To overwrite the nickname, the key, and the trust
99 flags of existing certificates, specify the --overwrite parameter.
100 By default the command will include the trust flags of each certifi‐
102 cate. To import without the trust flags, specify the --no-trust-flags
103 parameter.
104
107 Endi S. Dewata <edewata@redhat.com>.
108
111 Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General
112 Public License, version 2 (GPLv2). A copy of this license is available
113 at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
114
117 pki-pkcs12-cert(1), pki-pkcs12-key(1)
118version 10.3 Oct 28, 2016 pki-pkcs12(1)