pki-pkcs12(1) PKI PKCS #12 Management Commands pki-pkcs12(1)

pki-pkcs12 - Command-line interface for managing certificates and keys
in a PKCS #12 file.

pki [CLI-options] pkcs12
pki [CLI-options] pkcs12-export [command-options]
pki [CLI-options] pkcs12-import [command-options]
pki [CLI-options] pkcs12-cert [command-options]
pki [CLI-options] pkcs12-key [command-options]

The pki pkcs12 commands provide command-line interfaces to manage
certificates and keys in a PKCS #12 file.

pki [CLI-options] pkcs12-export [command-options]
    Exports all certificates and keys from an NSS database into a
    PKCS #12 file.

pki [CLI-options] pkcs12-import [command-options]
    Imports all certificates and keys from a PKCS #12 file into an
    NSS database.

pki [CLI-options] pkcs12-cert [command-options]
    Manages individual certificates in a PKCS #12 file. See
    pki-pkcs12-cert(1).

pki [CLI-options] pkcs12-key [command-options]
    Imports individual keys in a PKCS #12 file. See
    pki-pkcs12-key(1).

The CLI options are described in pki(1).

To view available PKCS #12 commands, type pki pkcs12. To view each
command's usage, type pki pkcs12-<command> --help.

All pki pkcs12 commands require a PKCS #12 file and its password. The
PKCS #12 file can be specified with the --pkcs12-file parameter. The
password can be specified either directly with the --pkcs12-password
parameter, or in a file with the --pkcs12-password-file parameter.

Some pki pkcs12 commands require an NSS database and its password. The
NSS database location can be specified with the -d parameter (default:
~/.dogtag/nssdb). The NSS database password can be specified with the
-c or the -C parameter.

Exporting all certificates and keys into a PKCS #12 file
To export all certificates and keys from an NSS database into a PKCS
#12 file:

    $ pki <NSS database location> <NSS database password> pkcs12-export \
        <PKCS #12 file> <PKCS #12 password> [nicknames...]

By default the command will export all certificates in the NSS
database. To export certain certificates only, specify the certificate
nicknames as separate arguments.

By default the command will always create a new PKCS #12 file. To
export into an existing PKCS #12 file, specify the --append parameter.

By default the command will include the certificate chain. To export
without certificate chain, specify the --no-chain parameter.

By default the command will include the key of each certificate. To
export without the key, specify the --no-key parameter.

By default the command will include the trust flags of each
certificate. To export without the trust flags, specify the
--no-trust-flags parameter.

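The wrapper below is an added example, not part of the pki distribution. It runs pkcs12-export with both passwords read from files (--pkcs12-password-file, and -C for the NSS database, on the assumption that -C is the password-file form described in pki(1)), so that neither password appears in the process argument list. The function names and the PKI override variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the pki project). Exports from an NSS database to a
# PKCS #12 file with both passwords supplied from files.
# Assumptions: -C is the password-file form of the NSS database password
# option (see pki(1)); PKI may be set to point at another pki binary.

# is_private FILE: succeed only if FILE is a regular file with no
# group/other permission bits set.
is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        ????------*) return 0 ;;
        *) return 1 ;;
    esac
}

# export_p12 NSSDB NSS_PWFILE P12_FILE P12_PWFILE [options/nicknames...]
# Extra arguments (for example --no-key, --no-chain or certificate
# nicknames) are passed through to pkcs12-export unchanged.
export_p12() {
    [ "$#" -ge 4 ] || {
        echo "usage: export_p12 db dbpwfile p12 p12pwfile [args]" >&2
        return 2
    }
    db=$1 dbpw=$2 p12=$3 p12pw=$4
    shift 4
    for f in "$dbpw" "$p12pw"; do
        is_private "$f" || {
            echo "refusing: $f is missing or accessible to group/others" >&2
            return 3
        }
    done
    # umask 077 in a subshell so a newly created PKCS #12 file is owner-only.
    ( umask 077 && "${PKI:-pki}" -d "$db" -C "$dbpw" pkcs12-export \
        --pkcs12-file "$p12" --pkcs12-password-file "$p12pw" "$@" )
}
```
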
Importing certificates and keys from a PKCS #12 file
To import certificates and keys from a PKCS #12 file into an NSS
database:

    $ pki <NSS database location> <NSS database password> pkcs12-import \
        <PKCS #12 file> <PKCS #12 password>

By default the command will include all certificates in the PKCS #12
file. To import without the CA certificates (certificates without
keys), specify the --no-ca-certs parameter. To import without the user
certificates (certificates with keys), specify the --no-user-certs
parameter.

By default the command will skip a certificate if it already exists in
the NSS database. To overwrite the nickname, the key, and the trust
flags of existing certificates, specify the --overwrite parameter.

By default the command will include the trust flags of each
certificate. To import without the trust flags, specify the
--no-trust-flags parameter.

pki-pkcs12-cert(1), pki-pkcs12-key(1)

Endi S. Dewata <edewata@redhat.com>.

Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU
General Public License, version 2 (GPLv2). A copy of this license is
available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

PKI Oct 28, 2016 pki-pkcs12(1)