The command-line utility used to import and export keys and certificates between the certificate/key databases and files in PKCS12 format is pk12util. PKCS12 is Public-Key Cryptography Standards (PKCS) #12, Personal Information Exchange Syntax Standard. More description of the pk12util utility can be read at http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html.
Import a PKCS12-formatted certificate into an NSS certificate database.
pk12util -i ${cert.pkcs12.file} -k ${certdb.pass.file} -w ${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config |
Import a PKCS12-formatted certificate into an NSS certificate database token module.
pk12util -i ${cert.pkcs12.file} -h ${token.name} -k ${certdb.pass.file} -w ${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config |
Export a certificate from an NSS certificate database in PKCS12 format.
pk12util -o -n ${cert.nickname} -k ${pass.file} -w${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config |
Export a certificate from an NSS certificate database token module in PKCS12 format (useful for hardware accelerator configuration).
pk12util -o -n ${cert.nickname} -h ${token.name} -k ${pass.file} -w ${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config |
Convert a PKCS12 certificate into JKS format (requires a Java source):
<target name="convert-pkcs12-to-jks" depends="init-common"> <delete file="${jks.file}" failonerror="false"/> <java classname="com.sun.enterprise.security.KeyTool"> <arg line="-pkcs12"/> <arg line="-pkcsFile ${pkcs12.file}"/> <arg line="-pkcsKeyStorePass ${pkcs12.pass}"/> <arg line="-pkcsKeyPass ${pkcs12.pass}"/> <arg line="-jksFile ${jks.file}"/> <arg line="-jksKeyStorePass ${jks.pass}"/> <classpath> <pathelement path="${s1as.classpath}"/> <pathelement path="${env.JAVA_HOME}/jre/lib/jsse.jar"/> </classpath> </java> </target>