Overview#
The PKCS12Export is a tool to export all certificates and keys from an NSS database into a PKCS #12 file for backup or cloning. To export individual certificates and keys see PKI PKCS12 CLI.
Exporting System Certificates#
Store the server’s NSS database password in a file:
$ grep "internal=" /var/lib/pki/pki-tomcat/conf/password.conf | awk -F= '{print $2}' > internal.txt
Store the password for the new PKCS #12 file in a file:
$ echo Secret.123 > password.txt
Export the server keys and certificates with the following command:
$ PKCS12Export \
-d /var/lib/pki/pki-tomcat/alias \
-p internal.txt \
-o pki-server.p12 \
-w password.txt