ssl-pkcs12¶
The following operations can be performed on "ssl-pkcs12":
convert ssl pkcs12¶
Converts the end-user certificate from PEM encoding format to PKCS#12 format. This certificate can then be distributed and installed in browsers as client certificates.
Synopsis¶
convert ssl pkcs12 <outfile> [-import [-pkcs12File <input_filename>] (-des | -des3 | -aes256) ] [-export [-certFile <input_filename>] [-keyFile <input_filename>]] {-password } {-PEMPassPhrase }
Arguments¶
outfile
Name for and, optionally, path to, the output file that contains the certificate and the private key after converting from PKCS#12 to PEM format. /nsconfig/ssl/ is the default path. If importing, the certificate-key pair is stored in PEM format. If exporting, the certificate-key pair is stored in PKCS#12 format. Maximum value: 63
import
Convert the certificate and private-key from PKCS#12 format to PEM format.
pkcs12File
Name for and, optionally, path to, the PKCS#12 file. If importing, specify the input file name that contains the certificate and the private key in PKCS#12 format. If exporting, specify the output file name that contains the certificate and the private key after converting from PEM to PKCS#12 format. /nsconfig/ssl/ is the default path. During the import operation, if the key is encrypted, you are prompted to enter the pass phrase used for encrypting the key. Maximum value: 63
des
Encrypt the private key by using the DES algorithm in CBC mode during the import operation. On the command line, you are prompted to enter the pass phrase.
des3
Encrypt the private key by using the Triple-DES algorithm in EDE CBC mode (168-bit key) during the import operation. On the command line, you are prompted to enter the pass phrase.
aes256
Encrypt the private key by using the AES algorithm (256-bit key) during the import operation. On the command line, you are prompted to enter the pass phrase.
export
Convert the certificate and private key from PEM format to PKCS#12 format. On the command line, you are prompted to enter the pass phrase.
certFile
Certificate file to be converted from PEM to PKCS#12 format. Maximum value: 63
keyFile
Name of the private key file to be converted from PEM to PKCS#12 format. If the key file is encrypted, you are prompted to enter the pass phrase used for encrypting the key. Maximum value: 63
password
PEMPassPhrase
Example¶
1)convert ssl pkcs12 /nsconfig/ssl/client_certkey.p12 -export -cert /nsconfig/ssl/client_certcert.pem -key /nsconfig/ssl/client_key.pem The above example CLI command converts the PEM encoded certificate and key file to PKCS#12. 2)convert ssl pkcs12 /nsconfig/ssl/client_certkey.pem -import -pkcs12 /nsconfig/ssl/client_certcertkey.p12 The above example CLI command converts the PKCS12 file to PEM format. 3)convert ssl pkcs12 /nsconfig/ssl/client_certkey.pem -import -pkcs12 /nsconfig/ssl/client_certcertkey.p12 -des The above example CLI command converts the PKCS12 file to PEM format, with encrypted key.
Note:The -des option will encrypt the output key using DES algorithm. User will be prompted to enter the pass-phrase to be used for encryption.