certpk12

Export or import a PKCS #12 file into a certificates file and a private key.

The utility is located in:

(UNIX) $SYBASE/$SYBASE_OCS/bin.
(Windows) %SYBASE%\%SYBASE_OCS%\bin, as certpk12.exe.

Syntax

certpk12
	{-O Pkcs12_file | -I Pkcs12_file}
	[-C Cert_file]
	[-K Key_file]
	[-P key_password]
	[-E Pkcs12_password]

or:

certpk12 -v

Parameters

-C Cert_file – specifies the name of certificate file to be exported to a PKCS #12 file if -O is on; or the name of certificate file to be imported from a PKCS #12 file if -I is on.
-E Pkcs12_password – specifies the password used to protect the PKCS #12 file. If -O is on, the password is used to encrypt the PKCS #12 file to be exported; if -I is on, the password is used to decrypt the PKCS #12 file to be imported. The password is also called “transport password.”
-I Pkcs12_file – specifies the name of a PKCS #12 file to be imported. The file can contain a certificate plus a private key, a single certificate, or a single private key. Either -I or -O needs to be on.
-K Key_file – specifies the name of private key file to be exported to a PKCS #12 file if -O is on; or the name of private key file to be imported from a PKCS #12 file if -I is on.
-O Pkcs12_file – specifies the name of a PKCS #12 file to be exported. The file can contain a certificate plus a private key, a single certificate, or a single private key. Either -O or -I needs to be on.
-P Key_password – specifies the password which is used to protect the private key specified by -K. If -O is on, the password is required to export the private key to a PKCS #12 file; if -I is on, the password is required to output the private key to a text file after it is imported from a PKCS #12 file.
-v – prints the version number and copyright message of the certpk12 tool and exits.

Examples

Export certificate and private key file – Exports caRSA.crt, the certificate file and caRSApkey.txt, the private key file, to a PKCS#12 file (caRSA.p12). password is the password used to decrypt caRSApkey.txt. pk12password is the password used to encrypt the final caRSA.p12:
```
certpk12 -O caRSA.p12 -C caRSA.crt -K caRSApkey.txt 
    -P password -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
```
Import file containing certificate and private key – Imports caRSA.p12, a PKCS #12 file that contains a certificate and a private key. Output the embedded certificate to a text file (caRSA_new.crt) and the embedded private key to a text file (caRSApkey_new.txt):
```
certpk12 -I caRSA.p12 -C caRSA_new.crt -K caRSApkey_new.txt 
    -P new_password -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
```
new_password is used to protect caRSApkey_new.txt, and pk12password is required to decrypt caRSA.p12 file.

Note: After you run examples 1 and 2, caRSA.crt and caRSA_new.crt are identical. caRSApkey.txt and caRSApkey_new.txt are different because they are encrypted randomly.
Export certificate file – Exports the certificate file (caRSA.crt) to a PKCS#12 file (caRSAcert.p12). pkcs12password is used to encrypt caRSAcert.p12.
```
certpk12 -O caRSAcert.p12 -C caRSA.crt -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
```
Import file containing certificate – Imports a PKCS#12 file (caRSAcert.p12) that contains a certificate. Output the embedded certificate to a text file (caRSAcert.txt).
```
certpk12 -I caRSAcert.p12 -C caRSAcert.txt -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
```
pk12password is required to decrypt caRSAcert.p12 file.

Note: After you run Examples 3 and 4, the caRSA.crt and caRSAcert.txt, are identical.

Usage

Adaptive Server includes the openssl open source utility in $SYBASE/$SYBASE_OCS/bin (%SYBASE%\%SYBASE_OCS%\bin in Windows). Use openssl to accomplish all certificate management tasks implemented by certreq, certauth and certpk12. Sybase includes this binary as a convenience, and is not responsible for any issues incurred using the binary. See the OpenSSL Web site for details.
certpk12 only supports triple-DES encrypted PKCS #12 file.
Running certpk12 requires that you place the entry for $SYBASE/$SYBASE_OCS/lib3p before the entry for $SYBASE/$SYBASE_OCS/libp364 in the dynamic library search path
Append certificate requestor’s private key to the end of its signed certificate file.
Name the file servername.crt, where servername is the name of the server. Place it in the certificates directory under $SYBASE/$SYBASE_ASE (%SYBASE%\%SYBASE_ASE% on Windows).

This file is needed to start the SSL-enabled Adaptive Server.