Sun Java System Directory Server Enterprise Edition 6.2 Administration Guide

Procedure: To Export and Import a CA-Signed Server Certificate

In some cases you might want to export the public and private keys of a certificate so that you can later import the certificate. For example, you might want the certificate to be used by another server.

The commands in this procedure can be used with certificates that contain wild cards, for example "cn=*,o=example".

You can use DSCC to perform this task. For information, see Directory Service Control Center Interface and the DSCC online help.

  1. Export the certificate.


    $ dsadm export-cert [-o output-file] instance-path cert-alias
    

    For example:


    $ dsadm export-cert -o /tmp/first-certificate /local/ds1 "First Certificate"
    $ dsadm export-cert -o /tmp/first-ca-server-certificate /local/ds1/ defaultCert
    Choose the PKCS#12 file password:
    Confirm the PKCS#12 file password:
    $ ls /tmp
    first-ca-server-certificate
     
  2. Import the certificate.


    $ dsadm import-cert instance-path cert-file
    

    For example, to import the certificate to a server instance on host1:


    $ dsadm import-cert -h host1 /local/ds2 /tmp/first-ca-server-certificate
    Enter the PKCS#12 file password:
     
  3. (Optional) If you have imported the certificate to a server, configure the server to use the imported certificate.


    $ dsconf set-server-prop -e -h host -p port -w - ssl-rsa-cert-name:server-cert
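
Steps 1 and 2 as one script, added here as an example and not part of the original guide. It stages the PKCS#12 file, which contains the private key, in an owner-only directory rather than directly in `/tmp`, checks its permissions before importing, and removes it afterwards. The function names `p12_is_private` and `transfer_cert` are hypothetical, only the `dsadm export-cert -o` and `dsadm import-cert` forms shown above are used, and both instances are assumed to be on the same host.

```shell
#!/bin/sh
# Added example (not from the guide): move a certificate between two local
# instances without leaving the PKCS#12 file, which holds the private key,
# readable in a shared directory such as /tmp.

# p12_is_private FILE (hypothetical helper)
# Succeeds only if FILE is a regular file, not a symlink, with no
# group/other permission bits set.
p12_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# transfer_cert SRC_INSTANCE CERT_ALIAS DST_INSTANCE (hypothetical helper)
# dsadm itself prompts for the PKCS#12 file password, as in the procedure.
transfer_cert() {
    src=$1 cert_alias=$2 dst=$3
    # mktemp -d creates the staging directory with mode 0700.
    stage=$(mktemp -d "${TMPDIR:-/tmp}/certmove.XXXXXX") || return 1
    p12="$stage/cert.p12"
    rc=0
    # umask 077 in a subshell so the export file is created owner-only.
    ( umask 077 && dsadm export-cert -o "$p12" "$src" "$cert_alias" ) || rc=1
    if [ "$rc" -eq 0 ] && ! p12_is_private "$p12"; then
        echo "refusing to import: $p12 is missing or not owner-only" >&2
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        dsadm import-cert "$dst" "$p12" || rc=1
    fi
    # Remove the key material whether or not the import succeeded.
    rm -f -- "$p12"
    rmdir -- "$stage" 2>/dev/null || :
    return "$rc"
}

# Usage: transfer_cert /local/ds1 defaultCert /local/ds2
```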