PKI PKCS7 CLI - dogtagpki/pki GitHub Wiki

Importing Certificate Chain into NSS Database

To import a PKCS #7 file that contains a certificate chain without a corresponding key in the NSS database:

$ pki pkcs7-import --input-file test.p7b

To import a PKCS #7 file that contains a certificate chain with a corresponding key in the NSS database:

$ pki pkcs7-import --input-file test.p7b --trust-flags <trust flags> <nickname>

Availability: since PKI 10.9

Exporting Certificate Chain from NSS Database

To export a certificate chain from NSS database to the console in PKCS #7 format:

$ pki pkcs7-export sslserver

To export a certificate chain from NSS database into a file in PKCS #7 format:

$ pki pkcs7-export sslserver --pkcs7 sslserver.p7b

Availability: since PKI 10.11

Listing Certificates in PKCS #7 File

To list the certificates in a PKCS #7 file:

$ pki pkcs7-cert-find --pkcs7-file test.p7b
  Serial Number: 0x1
  Subject DN: CN=CA Signing Certificate,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,O=EXAMPLE

  Serial Number: 0x6
  Subject DN: CN=PKI Administrator,[email protected],O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,O=EXAMPLE

Importing Certificate into PKCS #7 File

To import a certificate into a new PKCS #7 file:

$ pki pkcs7-cert-import --pkcs7-file test.p7b --cert-file ca_signing.crt

To append a certificate into an existing PKCS #7 file:

$ pki pkcs7-cert-import --pkcs7-file test.p7b --cert-file sslserver.crt --append

Availability: since PKI 10.11

Exporting Certificates from PKCS #7 File

To export the certificates from a PKCS #7 file into separate files:

$ pki pkcs7-cert-export --pkcs7-file test.p7b --output-prefix test- --output-suffix .crt
Exported test-1.crt: CN=CA Signing Certificate,O=EXAMPLE
Exported test-2.crt: CN=PKI Administrator,[email protected],O=EXAMPLE

See Also

⚠️ **GitHub.com Fallback** ⚠️