Skip to content

PKI NSS Certificate CLI

Jump to bottom
Endi S. Dewata edited this page Aug 21, 2023 · 13 revisions

Overview

The pki nss-cert commands can be used to manage certificates in an NSS database.

Listing Certificates in NSS Database

To list certificates in NSS database:

$ pki nss-cert-find

Availability: Since PKI 11.1.

Displaying Certificate Info

To display certificate info:

$ pki nss-cert-show caadmin
  Nickname: caadmin
  Serial Number: 0x844a78e9c0c7567b80da5343fb049110
  Subject DN: CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE
  Not Valid Before: Wed Aug 02 18:18:40 CDT 2023
  Not Valid After: Tue Jul 22 18:18:40 CDT 2025
  Trust Flags: u,u,u

To display certificate info in JSON format:

$ pki nss-cert-show caadmin --output-format json
{
  "nickname" : "caadmin",
  "serialNumber" : "0x844a78e9c0c7567b80da5343fb049110",
  "subjectDN" : "CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE",
  "issuerDN" : "CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE",
  "notBefore" : 1691018320000,
  "notAfter" : 1753226320000,
  "trustFlags" : "u,u,u"
}

Generating Certificate Request in NSS Database

Issuing Certificate using NSS Database

Importing Certificate into NSS Database

To import a certificate into NSS database:

$ pki nss-cert-import [nickname] \
    --cert <filename> \
    --trust <attributes>

Availability: Since PKI 10.9.

Exporting Certificate from NSS Database

To export a certificate from NSS database:

$ pki nss-cert-export <nickname>
Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
Clone this wiki locally