certauth  certreq

Chapter 7: Utility Commands Reference

certpk12

Description

NoteOpenSSL is distributed as a convenience in the Open Client Server (OCS) release. Documentation is available at the OpenSSL Web site

Export or import a PKCS #12 file into a certificates file and a private key. Located in $SYBASE/$SYBASE_OCS/bin.

Windows The utility is certpk12.exe, and is located in %SYBASE%\%SYBASE_OCS%\bin.

Syntax

certpk12
	{-O Pkcs12_file | -I Pkcs12_file}
	[-C Cert_file]
	[-K Key_file]
	[-P key_password]
	[-E Pkcs12_password]

Or

certpk12 -v

Parameters

-O Pkcs12_file

specifies the name of a PKCS #12 file to be exported. The file can contain a certificate plus a private key, a single certificate, or a single private key. Either -O or -I needs to be on.

-I Pkcs12_file

specifies the name of a PKCS #12 file to be imported. The file can contain a certificate plus a private key, a single certificate, or a single private key. Either -I or -O needs to be on.

-C Cert_file

specifies the name of certificate file to be exported to a PKCS #12 file if -O is on; or the name of certificate file to be imported from a PKCS #12 file if -I is on.

-K Key_file

specifies the name of private key file to be exported to a PKCS #12 file if -O is on; or the name of private key file to be imported from a PKCS #12 file if -I is on.

-P Key_password

specifies the password which is used to protect the private key specified by -K. If -O is on, the password is required to export the private key to a PKCS #12 file; if -I is on, the password is required to output the private key to a text file after it is imported from a PKCS #12 file.

-E Pkcs12_password

specifies the password used to protect the PKCS #12 file. If -O is on, the password is used to encrypt the PKCS #12 file to be exported; if -I is on, the password is used to decrypt the PKCS #12 file to be imported. The password is also called “transport password.”

-v

prints the version number and copyright message of the certpk12 tool and exits.

Examples

Example 1

Exports caRSA.crt, the certificate file and caRSApkey.txt, the private key file, to a PKCS#12 file (caRSA.p12). password is the password used to decrypt caRSApkey.txt. pk12password is the password used to encrypt the final caRSA.p12:

certpk12 -O caRSA.p12 -C caRSA.crt -K caRSApkey.txt 
    -P password -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--

Example 2

Imports caRSA.p12, a PKCS #12 file that contains a certificate and a private key. Output the embedded certificate to a text file (caRSA_new.crt) and the embedded private key to a text file (caRSApkey_new.txt):

certpk12 -I caRSA.p12 -C caRSA_new.crt -K caRSApkey_new.txt 
    -P new_password -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--

new_password is used to protect caRSApkey_new.txt, and pk12password is required to decrypt caRSA.p12 file.

NoteAfter you run examples 1 and 2, caRSA.crt and caRSA_new.crt are identical. caRSApkey.txt and caRSApkey_new.txt are different because they are encrypted randomly.

Example 3

Exports the certificate file (caRSA.crt) to a PKCS#12 file (caRSAcert.p12). pkcs12password is used to encrypt caRSAcert.p12.

certpk12 -O caRSAcert.p12 -C caRSA.crt -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--

Example 4

Imports a PKCS#12 file (caRSAcert.p12) that contains a certificate. Output the embedded certificate to a text file (caRSAcert.txt).

certpk12 -I caRSAcert.p12 -C caRSAcert.txt -E pk12password

-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--

pk12password is required to decrypt caRSAcert.p12 file.

NoteAfter you run Examples 3 and 4, the caRSA.crt and caRSAcert.txt, are identical.

Usage

See also

Utilities certauth, certreq




Copyright © 2009. Sybase Inc. All rights reserved. certreq

View this document as PDF