Oracle Fusion Middleware Administration Guide for Oracle Directory Server Enterprise Edition

To Export and Import a CA-Signed Server Certificate

In some cases you might want to export the public and private keys of a certificate so that you can later import the certificate. For example, you might want the certificate to be used by another server.

The commands in this procedure can be used with certificates that contain wild cards, for example "cn=*,o=example".

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Export the certificate.

    $ dsadm export-cert [-o output-file] instance-path cert-alias

    For example:

    $ dsadm export-cert -o /tmp/first-certificate /local/ds1 "First Certificate"
    $ dsadm export-cert -o /tmp/first-ca-server-certificate /local/ds1/ defaultCert
    Choose the PKCS#12 file password:
    Confirm the PKCS#12 file password:
    $ ls /tmp
  2. Import the certificate.

    $ dsadm import-cert instance-path cert-file

    For example, to import the certificate to a server instance:

    $ dsadm import-cert /local/ds2 /tmp/first-ca-server-certificate
    Enter the PKCS#12 file password:
  3. (Optional) If you have imported the certificate to a server, configure the server to use the imported certificate.

    $ dsconf set-server-prop -e -h host -p port ssl-rsa-cert-name:server-cert
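Steps 1 and 2 combined into one script, as an added example that is not part of the Oracle guide. The exported PKCS#12 file holds the private key, so the script stages it in a directory that only the current user can access rather than directly under /tmp, checks the file's permissions before importing, and deletes the staged copy afterwards. The function names and the `cert.p12` file name are assumptions; the `dsadm` invocations are the ones shown in steps 1 and 2.

```shell
# Added example (not from the Oracle guide). Function names and the
# cert.p12 file name are assumptions made for illustration.

# Create a staging directory accessible only to the current user; print its path.
make_private_stage() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/certstage.XXXXXX" )
}

# Succeed only if $1 is a regular file (not a symlink) that grants
# no permissions at all to group or other.
is_private_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    perms=$(ls -ld "$f" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Export cert-alias from the source instance, import it into the
# destination instance, then remove the staged PKCS#12 file.
# dsadm prompts for the PKCS#12 file password at both steps.
move_cert() {
    src=$1; cert_alias=$2; dst=$3
    stage=$(make_private_stage) || return 1
    p12="$stage/cert.p12"
    ( umask 077 && dsadm export-cert -o "$p12" "$src" "$cert_alias" ) &&
        is_private_file "$p12" &&
        dsadm import-cert "$dst" "$p12"
    rc=$?
    rm -rf "$stage"    # the key material does not outlive the transfer
    return $rc
}

# Usage, with the instance paths and alias from the examples above:
#   move_cert /local/ds1 defaultCert /local/ds2
```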