Product Documentation

ssl pkcs12

Sep 12, 2016

The following operations can be performed on "ssl pkcs12":

convert ssl pkcs12

Converts the end-user certificate from PEM encoding format to PKCS#12 format. This certificate can then be distributed and installed in browsers as client certificates.

Synopsys

convert ssl pkcs12 <outfile> [-import [-pkcs12File <input_filename>] [-des | -des3] ] [-export [-certFile <input_filename>] [-keyFile <input_filename>]] {-password } {-PEMPassPhrase }

Arguments

outfile

Name for and, optionally, path to, the output file that contains the certificate and the private key after converting from PKCS#12 to PEM format. /nsconfig/ssl/ is the default path.

If importing, the certificate-key pair is stored in PEM format. If exporting, the certificate-key pair is stored in PKCS#12 format.

Maximum value: 63

import

Convert the certificate and private-key from PKCS#12 format to PEM format.

pkcs12File

Name for and, optionally, path to, the PKCS#12 file. If importing, specify the input file name that contains the certificate and the private key in PKCS#12 format. If exporting, specify the output file name that contains the certificate and the private key after converting from PEM to

PKCS#12 format. /nsconfig/ssl/ is the default path.

During the import operation, if the key is encrypted, you are prompted to enter the pass phrase used for encrypting the key.

Maximum value: 63

des

Encrypt the private key by using the DES algorithm in CBC mode during the import operation. On the command line, you are prompted to enter the pass phrase.

des3

Encrypt the private key by using the Triple-DES algorithm in EDE CBC mode (168-bit key) during the import operation. On the command line, you are prompted to enter the pass phrase.

export

Convert the certificate and private key from PEM format to PKCS#12 format. On the command line, you are prompted to enter the pass phrase.

certFile

Certificate file to be converted from PEM to PKCS#12 format.

Maximum value: 63

keyFile

Name of the private key file to be converted from PEM to PKCS#12 format. If the key file is encrypted, you are prompted to enter the pass phrase used for encrypting the key.

Maximum value: 63

password

PEMPassPhrase

Example

1) convert  ssl pkcs12   /nsconfig/ssl/client_certkey.p12 -export -cert /nsconfig/ssl/client_certcert.pem  -key /nsconfig/ssl/client_key.pem The above example CLI command converts the PEM encoded certificate and key file to PKCS#12. 2) convert ssl  pkcs12 /nsconfig/ssl/client_certkey.pem -import -pkcs12 /nsconfig/ssl/client_certcertkey.p12 The above example CLI command converts the PKCS12 file to PEM format. 3) convert ssl  pkcs12   /nsconfig/ssl/client_certkey.pem -import -pkcs12 /nsconfig/ssl/client_certcertkey.p12  -des The above example CLI command converts the PKCS12 file to PEM format, with encrypted key.  Note: The -des option will encrypt the output key using DES algorithm. User will be prompted to enter the pass-phrase to be used for encryption.