Month: May 2019

  • Extract PEM certificates and keys from a shared NSS DB

    $ certutil -L -d . Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI FreeIPA CA CT,C,C $ certutil -L -d . -a -n ‘FreeIPA CA’ > freeipa.crt The PEM certificate should now be stored in free-ipa.crt. To extract the PEM key from key3.db use certutil, pk12util and openssl. $ certutil -K -d . -a $ pk12util -o keys.p12…