Skip to content

PKI NSS Certificate CLI

Jump to bottom
Endi S. Dewata edited this page Apr 28, 2023 · 13 revisions

Overview

The pki nss-cert commands can be used to manage certificates in an NSS database.

Listing Certificates in NSS Database

To list certificates in NSS database:

$ pki nss-cert-find

Availability: Since PKI 11.1.

Displaying Certificate Details

$ pki nss-cert-show caadmin
  Nickname: caadmin
  Serial Number: 0xd66c3ea90a53b334d0baaeebc1719aaf
  Subject DN: CN=PKI Administrator,E=caadmin@example.com,OU=pki-tomcat,O=EXAMPLE
  Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE
  Not Valid Before: Thu Apr 27 14:29:00 CDT 2023
  Not Valid After: Wed Apr 16 14:29:00 CDT 2025
  Trust Flags: u,u,u

Generating Certificate Request in NSS Database

Issuing Certificate using NSS Database

Importing Certificate into NSS Database

To import a certificate into NSS database:

$ pki nss-cert-import [nickname] \
    --cert <filename> \
    --trust <attributes>

Availability: Since PKI 10.9.

Exporting Certificate from NSS Database

To export a certificate from NSS database:

$ pki nss-cert-export <nickname>
Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
Clone this wiki locally