Overview#

The PKCS12Export is a tool to export all certificates and keys from an NSS database into a PKCS #12 file for backup or cloning. To export individual certificates and keys see PKI PKCS12 CLI.

Exporting System Certificates#

Store the server’s NSS database password in a file:

$ grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > internal.txt

Store the password for the new PKCS #12 file in a file:

$ echo Secret.123 > password.txt

Export the server keys and certificates with the following command:

$ PKCS12Export \
 -d /var/lib/pki/pki-tomcat/alias \
 -p internal.txt \
 -o pki-server.p12 \
 -w password.txt