1pki-pkcs12-cert(1)PKI PKCS #12 Certificate Management Commandspki-pkcs12-cert(1)
2
3
4
6 pki-pkcs12-cert - Command-line interface for managing individual cer‐
7 tificates in PKCS #12 file.
8
9
11 pki [CLI-options] pkcs12-cert
12 pki [CLI-options] pkcs12-cert-find [command-options]
13 pki [CLI-options] pkcs12-cert-export nickname [command-options]
14 pki [CLI-options] pkcs12-cert-import nickname [command-options]
15 pki [CLI-options] pkcs12-cert-mod nickname [command-options]
16 pki [CLI-options] pkcs12-cert-del nickname [command-options]
17
18
20 The pki pkcs12-cert commands provide command-line interfaces to manage
21 certificates in a PKCS #12 file.
22
23
24 pki [CLI-options] pkcs12-cert-find [command-options]
25 This command is to list certificates in a PKCS #12 file.
26
27
28 pki [CLI-options] pkcs12-cert-export nickname [command-options]
29 This command is to export a certificate from a PKCS #12 file.
30
31
32 pki [CLI-options] pkcs12-cert-import nickname [command-options]
33 This command is to import a certificate into a PKCS #12 file.
34
35
36 pki [CLI-options] pkcs12-cert-mod nickname [command-options]
37 This command is to modify a certificate in a PKCS #12 file.
38
39
40 pki [CLI-options] pkcs12-cert-del nickname [command-options]
41 This command is to delete a certificate from a PKCS #12 file.
42
43
45 The CLI options are described in pki(1).
46
47
49 To view available profile commands, type pki pkcs12-cert. To view each
50 command's usage, type pki pkcs12-cert-lt;commandgt; --help.
51
52
53 All pki pkcs12-cert commands require a PKCS #12 file and its password.
54 The PKCS #12 file can be specified with the --pkcs12-file parameter.
55 The password can be specified either directly with the --pkcs12-pass‐
56 word parameter, or in a file with the --pkcs12-password-file parameter.
57
58
59 Some pki pkcs12-cert commands require an NSS database and its password.
60 The NSS database location can be specified with the -d parameter
61 (default: ~/.dogtag/nssdb). The NSS database password can be specified
62 with the -c or the -C parameter.
63
64
65 Viewing certificates in a PKCS #12 file
66 To list the certificates in a PKCS #12 file:
67
68
69 $ pki pkcs12-cert-find <PKCS #12 file> <PKCS #12 password>
70
71
72
73 Exporting a certificate from a PKCS #12 file
74 To export a certificate from a PKCS #12 file into a file in PEM format:
75
76
77 $ pki pkcs12-cert-export <nickname> <PKCS #12 file> <PKCS #12 password> <cert file>
78
79
80
81 The certificate file can be specified with the --cert-file parameter.
82
83
84 Importing a certificate into a PKCS #12 file
85 To import a certificate including its key and trust flags from an NSS
86 database into a PKCS #12 file:
87
88
89 $ pki <NSS database location> <NSS database password> pkcs12-cert-import <nickname> \
90 <PKCS #12 file> <PKCS #12 password>
91
92
93
94 If the PKCS #12 file does not exist, it will be created automatically.
95 If the PKCS #12 file already exists, the certificate will be added into
96 the file.
97
98
99 The trust flags can be overwritten with the --trust-flags parameter.
100 If the key is not needed, specify the --no-key parameter.
101
102
103 Modifying a certificate in a PKCS #12 file
104 To modify the trust flags of a certificate in a PKCS #12 file:
105
106
107 $ pki pkcs12-cert-mod <nickname> <PKCS #12 file> <PKCS #12 password> <trust flags>
108
109
110
111 The trust flags can be specified with the --trust-flags parameter.
112
113
114 Deleting a certificate from a PKCS #12 file
115 To delete a certificate and its key from a PKCS #12 file:
116
117
118 $ pki pkcs12-cert-del <nickname> <PKCS #12 file> <PKCS #12 password>
119
120
121
123 pki-pkcs12(1)
124
125
127 Endi S. Dewata lt;edewata@redhat.comgt;.
128
129
131 Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU Gen‐
132 eral Public License, version 2 (GPLv2). A copy of this license is
133 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
134
135
136
137PKI Oct 28, 2016 pki-pkcs12-cert(1)