Facebook Twitter
Linkedin LJ
Git Instagram
IPv6
1 post tagged

freeipa

Extract PEM certificates and keys from a shared NSS DB

$ certutil -L -d .
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

FreeIPA CA CT,C,C

$ certutil -L -d . -a -n ‘FreeIPA CA’ > freeipa.crt

The PEM certificate should now be stored in free-ipa.crt.

To extract the PEM key from key3.db use certutil, pk12util and openssl.

$ certutil -K -d . -a
$ pk12util -o keys.p12 -n ‘FreeIPA Key’ -d .
$ openssl pkcs12 -in keys.p12 -out freeipa.key -nodes

 194   6 mon   freeipa   linux