1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH pki-pkcs12 1 "Oct 28, 2016" "version 10.3" "PKI PKCS #12 Management Commands" Dogtag Team
.\" Please adjust this date whenever revising the man page.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for man page specific macros, see man(7)
.SH NAME
pki-pkcs12 \- Command-Line Interface for managing certificates and keys in PKCS #12 file.
.SH SYNOPSIS
.nf
\fBpki\fR [CLI options] \fBpkcs12\fR
\fBpki\fR [CLI options] \fBpkcs12-export\fR [command options]
\fBpki\fR [CLI options] \fBpkcs12-import\fR [command options]
\fBpki\fR [CLI options] \fBpkcs12-cert\fR [command options]
\fBpki\fR [CLI options] \fBpkcs12-key\fR [command options]
.fi
.SH DESCRIPTION
.PP
The \fBpki pkcs12\fR commands provide command-line interfaces to manage certificate and keys in a PKCS #12 file.
.PP
\fBpki\fR [CLI options] \fBpkcs12-export\fR [command options]
.RS 4
This command is to export all certificates and keys from an NSS database into a PKCS #12 file.
.RE
.PP
\fBpki\fR [CLI options] \fBpkcs12-import\fR [command options]
.RS 4
This command is to import all certificates and keys from a PKCS #12 file into an NSS database.
.RE
.PP
\fBpki\fR [CLI options] \fBpkcs12-cert\fR [command options]
.RS 4
This command is to manage individual certificates in a PKCS #12 file. See \fBpki-pkcs12-cert\fR(1).
.RE
.PP
\fBpki\fR [CLI options] \fBpkcs12-key\fR [command options]
.RS 4
This command is to import individual keys in a PKCS #12 file. See \fBpki-pkcs12-key\fR(1).
.RE
.SH OPTIONS
The CLI options are described in \fBpki\fR(1).
.SH OPERATIONS
To view available PKCS #12 commands, type \fBpki pkcs12\fP. To view each command's usage, type \fB pki pkcs12-<command> \-\-help\fP.
All \fBpki pkcs12\fP commands require a PKCS #12 file and its password.
The PKCS #12 file can be specified with the \fB--pkcs12-file\fP parameter.
The password can be specified either directly with the \fB--pkcs12-password\fP parameter, or in a file with the \fB--pkcs12-password-file\fP parameter.
Some \fBpki pkcs12\fP commands require an NSS database and its password.
The NSS database location can be specified with the \fB-d\fP parameter (default: ~/.dogtag/nssdb).
The NSS database password can be specified with the \fB-c\fP or the \fB-C\fP parameter.
.SS Exporting all certificates and keys into a PKCS #12 file
To export all certificates and keys from an NSS database into a PKCS #12 file:
.B pki <NSS database location> <NSS database password> pkcs12-export <PKCS #12 file> <PKCS #12 password> [nicknames...]
By default the command will export all certificates in the NSS database.
To export certain certificates only, specify the certificate nicknames as separate arguments.
By default the command will always create a new PKCS #12 file.
To export into an existing PKCS #12 file, specify the \fB--append\fP parameter.
By default the command will include the certificate chain.
To export without certificate chain, specify the \fB--no-chain\fP parameter.
By default the command will include the key of each certificate.
To export without the key, specify the \fB--no-key\fP parameter.
By default the command will include the trust flags of each certificate.
To export without the trust flags, specify the \fB--no-trust-flags\fP parameter.
.SS Importing certificates and keys from a PKCS #12 file
To import certificates and keys from a PKCS #12 file into an NSS database:
.B pki <NSS database location> <NSS database password> pkcs12-import <PKCS #12 file> <PKCS #12 password>
By default the command will include all certificates in the PKCS #12 file.
To import without the CA certificates (certificates without keys), specify the \fB--no-ca-certs\fP parameter.
To import without the user certificates (certificates with keys), specify the \fB--no-user-certs\fP parameter.
By default the command will skip a certificate if it already exists in the NSS database.
To overwrite the nickname, the key, and the trust flags of existing certificates, specify the \fB--overwrite\fP parameter.
By default the command will include the trust flags of each certificate.
To import without the trust flags, specify the \fB--no-trust-flags\fP parameter.
.SH AUTHORS
Endi S. Dewata <edewata@redhat.com>.
.SH COPYRIGHT
Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
.SH SEE ALSO
.BR pki-pkcs12-cert(1),
.BR pki-pkcs12-key(1)
|
