Export or import a PKCS #12 file into a certificates file and a private key.
The utility is located in:
(UNIX) $SYBASE/$SYBASE_OCS/bin.
(Windows) the utility is certpk12.exe, located in %SYBASE%\%SYBASE_OCS%\bin.
certpk12 {-O Pkcs12_file | -I Pkcs12_file} [-C Cert_file] [-K Key_file] [-P key_password] [-E Pkcs12_password]
Or
certpk12 -v
specifies the name of a PKCS #12 file to be exported. The file can contain a certificate plus a private key, a single certificate, or a single private key. Either -O or -I needs to be on.
specifies the name of a PKCS #12 file to be imported. The file can contain a certificate plus a private key, a single certificate, or a single private key. Either -I or -O needs to be on.
specifies the name of certificate file to be exported to a PKCS #12 file if -O is on; or the name of certificate file to be imported from a PKCS #12 file if -I is on.
specifies the name of private key file to be exported to a PKCS #12 file if -O is on; or the name of private key file to be imported from a PKCS #12 file if -I is on.
specifies the password which is used to protect the private key specified by -K. If -O is on, the password is required to export the private key to a PKCS #12 file; if -I is on, the password is required to output the private key to a text file after it is imported from a PKCS #12 file.
specifies the password used to protect the PKCS #12 file. If -O is on, the password is used to encrypt the PKCS #12 file to be exported; if -I is on, the password is used to decrypt the PKCS #12 file to be imported. The password is also called “transport password.”
prints the version number and copyright message of the certpk12 tool and exits.
Exports caRSA.crt, the certificate file and caRSApkey.txt, the private key file, to a PKCS#12 file (caRSA.p12). password is the password used to decrypt caRSApkey.txt. pk12password is the password used to encrypt the final caRSA.p12:
certpk12 -O caRSA.p12 -C caRSA.crt -K caRSApkey.txt -P password -E pk12password
-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
Imports caRSA.p12, a PKCS #12 file that contains a certificate and a private key. Output the embedded certificate to a text file (caRSA_new.crt) and the embedded private key to a text file (caRSApkey_new.txt):
certpk12 -I caRSA.p12 -C caRSA_new.crt -K caRSApkey_new.txt -P new_password -E pk12password
-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
new_password is used to protect caRSApkey_new.txt, and pk12password is required to decrypt caRSA.p12 file.
After you run examples 1 and 2, caRSA.crt and caRSA_new.crt are identical. caRSApkey.txt and caRSApkey_new.txt are different because they are encrypted randomly.
Exports the certificate file (caRSA.crt) to a PKCS#12 file (caRSAcert.p12). pkcs12password is used to encrypt caRSAcert.p12.
certpk12 -O caRSAcert.p12 -C caRSA.crt -E pk12password
-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
Imports a PKCS#12 file (caRSAcert.p12) that contains a certificate. Output the embedded certificate to a text file (caRSAcert.txt).
certpk12 -I caRSAcert.p12 -C caRSAcert.txt -E pk12password
-- Sybase PKCS#12 Conversion Utility certpk12 Thu Nov 9 16:55:51 2000--
pk12password is required to decrypt caRSAcert.p12 file.
After you run Examples 3 and 4, the caRSA.crt and caRSAcert.txt, are identical.
Adaptive Server includes the openssl open source utility in $SYBASE/$SYBASE_OCS/bin (%SYBASE%\%SYBASE_OCS%\bin in Windows). Use openssl to accomplish all certificate management tasks implemented by certreq, certauth and certpk12. Sybase includes this binary as a convenience, and is not responsible for any issues incurred using the binary. See the OpenSSL Web site for details.
certpk12 only supports triple-DES encrypted PKCS #12 file.
Running certpk12 requires that you place the entry for $SYBASE/$SYBASE_OCS/lib3p before the entry for $SYBASE/$SYBASE_OCS/libp364 in the dynamic library search path
Append certificate requestor’s private key to the end of its signed certificate file.
Name the file servername.crt, where servername is the name of the server. Place it in the certificates directory under $SYBASE/$SYBASE_ASE (%SYBASE%\%SYBASE_ASE% on Windows).
This file is needed to start the SSL-enabled Adaptive Server.