Provided by: pki-tools_10.8.3-1ubuntu1_amd64 
NAME
pki-pkcs12-cert - Command-line interface for managing individual certificates in PKCS #12
file.
SYNOPSIS
pki [CLI-options] pkcs12-cert
pki [CLI-options] pkcs12-cert-find [command-options]
pki [CLI-options] pkcs12-cert-export nickname [command-options]
pki [CLI-options] pkcs12-cert-import nickname [command-options]
pki [CLI-options] pkcs12-cert-mod nickname [command-options]
pki [CLI-options] pkcs12-cert-del nickname [command-options]
DESCRIPTION
The pki pkcs12-cert commands provide command-line interfaces to manage certificates in a
PKCS #12 file.
pki [CLI-options] pkcs12-cert-find [command-options]
This command is to list certificates in a PKCS #12 file.
pki [CLI-options] pkcs12-cert-export nickname [command-options]
This command is to export a certificate from a PKCS #12 file.
pki [CLI-options] pkcs12-cert-import nickname [command-options]
This command is to import a certificate into a PKCS #12 file.
pki [CLI-options] pkcs12-cert-mod nickname [command-options]
This command is to modify a certificate in a PKCS #12 file.
pki [CLI-options] pkcs12-cert-del nickname [command-options]
This command is to delete a certificate from a PKCS #12 file.
OPTIONS
The CLI options are described in pki(1).
OPERATIONS
To view available profile commands, type pki pkcs12-cert. To view each command's usage,
type pki pkcs12-cert-<command> --help.
All pki pkcs12-cert commands require a PKCS #12 file and its password. The PKCS #12 file
can be specified with the --pkcs12-file parameter. The password can be specified either
directly with the --pkcs12-password parameter, or in a file with the
--pkcs12-password-file parameter.
Some pki pkcs12-cert commands require an NSS database and its password. The NSS database
location can be specified with the -d parameter (default: /.dogtag/nssdb). The NSS
database password can be specified with the -c or the -C parameter.
Viewing certificates in a PKCS #12 file
To list the certificates in a PKCS #12 file:
$ pki pkcs12-cert-find <PKCS #12 file> <PKCS #12 password>
Exporting a certificate from a PKCS #12 file
To export a certificate from a PKCS #12 file into a file in PEM format:
$ pki pkcs12-cert-export <nickname> <PKCS #12 file> <PKCS #12 password> <cert file>
The certificate file can be specified with the --cert-file parameter.
Importing a certificate into a PKCS #12 file
To import a certificate including its key and trust flags from an NSS database into a PKCS
#12 file:
$ pki <NSS database location> <NSS database password> pkcs12-cert-import <nickname> \
<PKCS #12 file> <PKCS #12 password>
If the PKCS #12 file does not exist, it will be created automatically. If the PKCS #12
file already exists, the certificate will be added into the file.
The trust flags can be overwritten with the --trust-flags parameter. If the key is not
needed, specify the --no-key parameter.
Modifying a certificate in a PKCS #12 file
To modify the trust flags of a certificate in a PKCS #12 file:
$ pki pkcs12-cert-mod <nickname> <PKCS #12 file> <PKCS #12 password> <trust flags>
The trust flags can be specified with the --trust-flags parameter.
Deleting a certificate from a PKCS #12 file
To delete a certificate and its key from a PKCS #12 file:
$ pki pkcs12-cert-del <nickname> <PKCS #12 file> <PKCS #12 password>
SEE ALSO
pki-pkcs12(1)
AUTHORS
Endi S. Dewata <edewata@redhat.com>.
COPYRIGHT
Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General Public License,
version 2 (GPLv2). A copy of this license is available at
⟨http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt⟩.