1pki-client(1)        PKI NSS Database Management Commands        pki-client(1)
2
3
4

NAME

6       pki-client  -  Command-line  interface for managing the NSS database on
7       PKI client.
8
9

SYNOPSIS

11       pki [CLI-options] client
12       pki [CLI-options] client-init [command-options]
13       pki [CLI-options] client-cert-find [command-options]
14       pki [CLI-options] client-cert-request [subject-DN] [command-options]
15       pki [CLI-options] client-cert-import [nickname] [command-options]
16       pki [CLI-options] client-cert-mod nickname [command-options]
17       pki [CLI-options] client-cert-show nickname [command-options]
18       pki [CLI-options] client-cert-del nickname [command-options]
19
20

DESCRIPTION

22       The pki-client commands provide command-line interfaces to  manage  the
23       NSS database on the client's machine.
24
25
26       pki [CLI-options] client
27           This command is to list available client commands.
28
29
30       pki [CLI-options] client-init [command-options]
31           This command is to create a new NSS database for the client.
32
33
34       pki [CLI-options] client-cert-find [command-options]
35           This command is to list certificates in the NSS database.
36
37
38       pki [CLI-options] client-cert-request [subject-DN] [command-options]
39           This command is to generate and submit a certificate request.
40
41
42       pki [CLI-options] client-cert-import [nickname] [command-options]
43           This command is to import a certificate into the NSS database.
44
45
46       pki [CLI-options] client-cert-mod nickname [command-options]
47           This command is to modify a certificate in the NSS database.
48
49
50       pki [CLI-options] client-cert-show nickname [command-options]
51           This command is to view a certificate in the NSS database.
52
53
54       pki [CLI-options] client-cert-del nickname [command-options]
55           This command is to delete a certificate from the NSS database.
56
57

OPTIONS

59       The CLI options are described in pki(1).
60
61

OPERATIONS

63       To  view available client commands, type pki client.  To view each com‐
64       mand's usage, type pki client-lt;commandgt; --help.
65
66
67       To create a new database execute the following command:
68
69
70              $ pki -d <NSS database location> -c <NSS database password> client-init
71
72
73
74       To list certificates in the NSS database:
75
76
77              $ pki -d <NSS database location> -c <NSS database password> client-cert-find
78
79
80
81       To request a certificate:
82
83
84              $ pki -d <NSS database location> -c <NSS database password> client-cert-request [subject DN]
85
86
87
88       The subject DN requirement depends on  the  certificate  profile  being
89       requested.   Some profiles may require the user to provide a subject DN
90       in a certain format.  Some other profiles may generate their  own  sub‐
91       ject DN.
92
93
94       Certain  profiles  may  also  require  additional  authentication.   To
95       authenticate, a username and a password  can  be  specified  using  the
96       --username  and --password options, respectively.  If the subject DN is
97       not specififed the CLI may use the username to generate a default  sub‐
98       ject DN "UID=username".
99
100
101       To import a certificate from a file into the NSS database:
102
103
104              $ pki -d <NSS database location> -c <NSS database password> client-cert-import [*nickname*] \
105                  --cert <path>
106
107
108
109       To import a CA certificate from a file into the NSS database:
110
111
112              $ pki -d <NSS database location> -c <NSS database password> client-cert-import <nickname> \
113                  --ca-cert <path>
114
115
116
117       To  import  certificates and private keys from a PKCS #12 file into the
118       NSS database:
119
120
121              $ pki -d <NSS database location> -c <NSS database password> client-cert-import \
122                  --pkcs12 <path> --pkcs12-password <password>
123
124
125
126       To import a certificate from CA server into the NSS database:
127
128
129              $ pki -d <NSS database location> -c <NSS database password> client-cert-import <nickname> \
130                  --serial <serial number>
131
132
133
134       To import a CA certificate from CA server into the NSS database:
135
136
137              $ pki -d <NSS database location> -c <NSS database password> client-cert-import <nickname> \
138                  --ca-server
139
140
141
142       To modify a certificate's trust attributes in the NSS database:
143
144
145              $ pki -d <NSS database location> -c <NSS database password> client-cert-mod <nickname> \
146                  --trust <trust attributes>
147
148
149
150       To display a certificate in the NSS database:
151
152
153              $ pki -d <NSS database location> -c <NSS database password> client-cert-show <nickname>
154
155
156
157       To export a certificate from the NSS database into a PEM file:
158
159
160              $ pki -d <NSS database location> -c <NSS database password> client-cert-show <nickname> \
161                  --cert <path>
162
163
164
165       To export a certificate chain with the private key from the  NSS  data‐
166       base into a PKCS #12 file:
167
168
169              $ pki -d <NSS database location> -c <NSS database password> client-cert-show <nickname> \
170                  --pkcs12 <path> --pkcs12-password <password>
171
172
173
174       To  export  a  certificate  chain  with the private key with a password
175       file:
176
177
178              $ pki -d <NSS database location> -c <NSS database password> client-cert-show <nickname> \
179                  --pkcs12 <path> --pkcs12-password-file <path>
180
181
182
183       To export a client certificate with the private key from the NSS  data‐
184       base into a PEM file:
185
186
187              $ pki -d <NSS database location> -c <NSS database password> client-cert-show <nickname> \
188                  --client-cert <path>
189
190
191
192       To delete a certificate from the NSS database:
193
194
195              $ pki -d <NSS database location> -c <NSS database password> client-cert-del <nickname>
196
197
198

AUTHORS

200       Ade  Lee  lt;alee@redhat.comgt;,  Endi Dewata lt;edewata@redhat.comgt;,
201       and Matthew Harmsen lt;mharmsen@redhat.comgt;.
202
203
205       Copyright (c) 2014 Red Hat, Inc.  This is licensed under the  GNU  Gen‐
206       eral  Public  License,  version  2  (GPLv2).  A copy of this license is
207       available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
208
209
210
211PKI                               May 5, 2014                    pki-client(1)
Impressum