extract private key and cert from pkcs12 (cert8.db/key3.db)


By thomas - Posted on 25 January 2010

When you use fedora-ds/redhat-ds, it creates cert8.db and key3.db to store the certs. I wanted to extract the private key as PEM so I could import it elsewhere.
[root@ldap] cd /etc/dirsrv/slapd-ldap
[root@ldap] pk12util -o cert.p12 -n 'server-cert' -d .
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file: 
Re-enter password: 
pk12util: PKCS12 EXPORT SUCCESSFUL
[root@ldap] openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts
Enter Import Password:
MAC verified OK
[root@ldap] cat cert.pem
Bag Attributes
    friendlyName: server-cert
    localKeyID: 10 F4 C2 F6 01 3C 66 AA 72 35 C9 A7 DA B9 12 3F 11 A1 98 F6 
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALA7rSWdSk4CVHef
...
BnevX/uQwZ3L1Qo=
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: server-cert
    localKeyID: 10 DD CC EE BB 3C 33 AC 72 35 C9 A7 DA B9 12 3F 11 A1 98 F6 
subject=/C=US/ST=Any State/L=Any Town/O=Example/CN=ldap.example.com
issuer=/C=US/ST=Any State/L=Any Town/O=Example/CN=certmaster.example.com
-----BEGIN CERTIFICATE-----
ChMcSW5zdGl0dXRlIGZvciBBZHZhbmNlZCBTdHVkeTEeMBwGA1UECxMVU2Nob29s
...
gIP23WbaOw4DygMwXfbJwF5K0xxv+NALlpoaZw==
-----END CERTIFICATE-----
I couldn't figure out how to do it with pk12util and certutil alone; the key was using openssl after exporting with pk12util...
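
A follow-up to the steps above, as an added example that is not part of the original post: the cert.pem written by `openssl pkcs12 -nodes` holds the unencrypted private key and the certificate in one file, so these functions split it into separate files created with mode 0600 and check that key and certificate belong together. The function names are hypothetical, and the sample file is constructed with placeholder bodies rather than real key material.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# split_pem COMBINED KEY_OUT CERT_OUT
# Splits the combined file written by `openssl pkcs12 -nodes` into a key file
# and a certificate file, dropping the "Bag Attributes"/subject=/issuer= lines.
split_pem() {
    combined=$1; key_out=$2; cert_out=$3
    rm -f "$key_out" "$cert_out"      # stale files would keep their old mode
    (
        umask 077                     # both outputs are created as 0600
        awk '/^-----BEGIN .*PRIVATE KEY-----$/,/^-----END .*PRIVATE KEY-----$/' \
            "$combined" > "$key_out"
        awk '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/' \
            "$combined" > "$cert_out"
    ) || return 1
    # Fail when either block is missing or truncated.
    grep -q '^-----END .*PRIVATE KEY-----$' "$key_out" &&
        grep -q '^-----END CERTIFICATE-----$' "$cert_out"
}

# key_matches_cert KEY CERT
# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# write_sample FILE
# Constructed stand-in for cert.pem (placeholder bodies, not real key material),
# so split_pem can be tried without an NSS database.
write_sample() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: server-cert
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END PRIVATE KEY-----
Bag Attributes
    friendlyName: server-cert
subject=/CN=ldap.example.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
EOF
}
```

After the export shown in the post, `split_pem cert.pem server.key server.crt && key_matches_cert server.key server.crt` (output names are placeholders) leaves two files ready to import elsewhere. The intermediate cert.p12 and cert.pem can then be deleted so no extra copy of the unencrypted key stays on disk.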