In some cases you might want to export the public and private keys of a certificate so that you can later import the certificate. For example, you might want the certificate to be used by another server.
The commands in this procedure can be used with certificates that contain wildcards, for example "cn=*,o=example".
You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.
Export the certificate.
$ dsadm export-cert [-o output-file] instance-path cert-alias
For example:
$ dsadm export-cert -o /tmp/first-certificate /local/ds1 "First Certificate"
$ dsadm export-cert -o /tmp/first-ca-server-certificate /local/ds1/ defaultCert
Choose the PKCS#12 file password:
Confirm the PKCS#12 file password:
$ ls /tmp
first-ca-server-certificate
Import the certificate.
$ dsadm import-cert instance-path cert-file
For example, to import the certificate to a server instance:
$ dsadm import-cert /local/ds2 /tmp/first-ca-server-certificate
Enter the PKCS#12 file password:
(Optional) If you have imported the certificate to a server, configure the server to use the imported certificate.
$ dsconf set-server-prop -e -h host -p port ssl-rsa-cert-name:server-cert
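
The export and import steps above, wrapped so that the PKCS#12 file (which contains the private key) is staged in a directory only the invoking user can read rather than directly in /tmp, and is removed afterwards. This is an added example, not part of the original documentation; the function names and the cert.p12 file name are hypothetical, and the dsadm invocations are the ones shown in the procedure.

```shell
#!/bin/sh
# Added example; function names and the cert.p12 file name are hypothetical.

# Create a staging directory that only the invoking user can enter (0700).
make_private_stage() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/certstage.XXXXXX" )
}

# Succeed only if $1 is a regular file (not a symlink) with no group or
# other permission bits set, i.e. mode 0600 or stricter.
p12_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Export cert alias $2 from instance $1 and import it into instance $3.
# dsadm prompts for the PKCS#12 password at both steps, as in the procedure.
transfer_cert() {
    src=$1
    cert_alias=$2
    dst=$3
    stage=$(make_private_stage) || return 1
    out="$stage/cert.p12"
    # The file mode is checked after export rather than assumed from umask.
    ( umask 077 && dsadm export-cert -o "$out" "$src" "$cert_alias" ) &&
        p12_is_private "$out" &&
        dsadm import-cert "$dst" "$out"
    rc=$?
    rm -rf -- "$stage"   # remove the private-key copy in every case
    return "$rc"
}

# Usage: transfer_cert /local/ds1 defaultCert /local/ds2
```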