.nh .TH pki-pkcs12 1 "Oct 28, 2016" PKI "PKI PKCS #12 Management Commands" .SH NAME .PP pki-pkcs12 - Command-line interface for managing certificates and keys in PKCS #12 file. .SH SYNOPSIS .PP \fBpki\fP [\fICLI-options\fP] \fBpkcs12\fP .br \fBpki\fP [\fICLI-options\fP] \fBpkcs12-export\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBpkcs12-import\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBpkcs12-cert\fP [\fIcommand-options\fP] .br \fBpki\fP [\fICLI-options\fP] \fBpkcs12-key\fP [\fIcommand-options\fP] .SH DESCRIPTION .PP The \fBpki pkcs12\fP commands provide command-line interfaces to manage certificate and keys in a PKCS #12 file. .PP \fBpki\fP [\fICLI-options\fP] \fBpkcs12-export\fP [\fIcommand-options\fP] .br This command is to export all certificates and keys from an NSS database into a PKCS #12 file. .PP \fBpki\fP [\fICLI-options\fP] \fBpkcs12-import\fP [\fIcommand-options\fP] .br This command is to import all certificates and keys from a PKCS #12 file into an NSS database. .PP \fBpki\fP [\fICLI-options\fP] \fBpkcs12-cert\fP [\fIcommand-options\fP] .br This command is to manage individual certificates in a PKCS #12 file. See \fBpki-pkcs12-cert(1)\fP\&. .PP \fBpki\fP [\fICLI-options\fP] \fBpkcs12-key\fP [\fIcommand-options\fP] .br This command is to import individual keys in a PKCS #12 file. See \fBpki-pkcs12-key(1)\fP\&. .SH OPTIONS .PP The CLI options are described in \fBpki(1)\fP\&. .SH OPERATIONS .PP To view available PKCS #12 commands, type \fBpki pkcs12\fP\&. To view each command's usage, type \fBpki pkcs12-<command> --help\fP\&. .PP All \fBpki pkcs12\fP commands require a PKCS #12 file and its password. The PKCS #12 file can be specified with the \fB--pkcs12-file\fP parameter. The password can be specified either directly with the \fB--pkcs12-password\fP parameter, or in a file with the \fB--pkcs12-password-file\fP parameter. .PP Some \fBpki pkcs12\fP commands require an NSS database and its password. The NSS database location can be specified with the \fB-d\fP parameter (default: ~/.dogtag/nssdb). The NSS database password can be specified with the \fB-c\fP or the \fB-C\fP parameter. .SS Exporting all certificates and keys into a PKCS #12 file .PP To export all certificates and keys from an NSS database into a PKCS #12 file: .PP .RS .nf $ pki pkcs12-export \\ [nicknames...] .fi .RE .PP By default the command will export all certificates in the NSS database. To export certain certificates only, specify the certificate nicknames as separate arguments. .PP By default the command will always create a new PKCS #12 file. To export into an existing PKCS #12 file, specify the \fB--append\fP parameter. .PP By default the command will include the certificate chain. To export without certificate chain, specify the \fB--no-chain\fP parameter. .PP By default the command will include the key of each certificate. To export without the key, specify the \fB--no-key\fP parameter. .PP By default the command will include the trust flags of each certificate. To export without the trust flags, specify the \fB--no-trust-flags\fP parameter. .SS Importing certificates and keys from a PKCS #12 file .PP To import certificates and keys from a PKCS #12 file into an NSS database: .PP .RS .nf $ pki pkcs12-import \\ .fi .RE .PP By default the command will include all certificates in the PKCS #12 file. To import without the CA certificates (certificates without keys), specify the \fB--no-ca-certs\fP parameter. To import without the user certificates (certificates with keys), specify the \fB--no-user-certs\fP parameter. .PP By default the command will skip a certificate if it already exists in the NSS database. To overwrite the nickname, the key, and the trust flags of existing certificates, specify the \fB--overwrite\fP parameter. .PP By default the command will include the trust flags of each certificate. To import without the trust flags, specify the \fB--no-trust-flags\fP parameter. .SH SEE ALSO .PP \fBpki-pkcs12-cert(1)\fP, \fBpki-pkcs12-key(1)\fP .SH AUTHORS .PP Endi S. Dewata <edewata@redhat.com>\&. .SH COPYRIGHT .PP Copyright (c) 2016 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.