Exporting with pk12util

Using pk12util allows you to export certificates and keys from your internal database and import them into an internal or external PKCS #11 module. You can always export certificates and keys to your internal database, but most external tokens will not allow you to export certificates and keys. By default, pk12util uses certificate and key databases named cert8.db and key3.db.

To export a certificate and key from an internal database

Steps

1. Go to the server_root/alias directory containing the databases.

2. Add server_root/bin/proxy/admin/bin to your PATH.

3. Locate pk12util in server_root/bin/proxy/admin/bin.

4. Set the environment. For example:

   • On UNIX: setenv

     LD_LIBRARY_PATH/server_root/bin/proxy/lib:${LD_LIBRARY_PATH}

     • On Windows, add it to the PATH

       LD_LIBRARY_PATH server_root/bin/proxy/bin

       You can find the PATH for your computer listed under: server_root/proxy-admserv/start.

5. Enter the command: pk12util.

   The options will be listed.

6. Perform the actions required.

   For example, in UNIX enter:

   pk12util -o certpk12 -n Server-Cert [-d /server/alias] [-P https-test-host]

7. Enter the database password.

8. Enter the pkcs12 password.