PKI PKCS7 CLI - dogtagpki/pki GitHub Wiki
To import a PKCS #7 file that contains a certificate chain without a corresponding key in the NSS database:
$ pki pkcs7-import --input-file test.p7b
To import a PKCS #7 file that contains a certificate chain with a corresponding key in the NSS database:
$ pki pkcs7-import --input-file test.p7b --trust-flags <trust flags> <nickname>
Availability: since PKI 10.9
To export a certificate chain from NSS database to the console in PKCS #7 format:
$ pki pkcs7-export sslserver
To export a certificate chain from NSS database into a file in PKCS #7 format:
$ pki pkcs7-export sslserver --pkcs7 sslserver.p7b
Availability: since PKI 10.11
To list the certificates in a PKCS #7 file:
$ pki pkcs7-cert-find --pkcs7-file test.p7b Serial Number: 0x1 Subject DN: CN=CA Signing Certificate,O=EXAMPLE Issuer DN: CN=CA Signing Certificate,O=EXAMPLE Serial Number: 0x6 Subject DN: CN=PKI Administrator,[email protected],O=EXAMPLE Issuer DN: CN=CA Signing Certificate,O=EXAMPLE
To import a certificate into a new PKCS #7 file:
$ pki pkcs7-cert-import --pkcs7-file test.p7b --cert-file ca_signing.crt
To append a certificate into an existing PKCS #7 file:
$ pki pkcs7-cert-import --pkcs7-file test.p7b --cert-file sslserver.crt --append
Availability: since PKI 10.11
To export the certificates from a PKCS #7 file into separate files:
$ pki pkcs7-cert-export --pkcs7-file test.p7b --output-prefix test- --output-suffix .crt Exported test-1.crt: CN=CA Signing Certificate,O=EXAMPLE Exported test-2.crt: CN=PKI Administrator,[email protected],O=EXAMPLE