forked from nss-dev/nss
-
Notifications
You must be signed in to change notification settings - Fork 0
Importing Certificate
Endi S. Dewata edited this page Jan 20, 2022
·
1 revision
To add a certificate into the internal token:
$ certutil -A -d nssdb -n testcert -i testcert.pem -t "CT,C,C"
To add a certificate into both the internal token and the HSM:
$ certutil -A -d nssdb -h HSM -f password.HSM -n testcert -i testcert.pem -t "CT,C,C"
To add a certificate only to the HSM:
$ certutil -A -d nssdb -h HSM -f password.HSM -P HSM -n testcert -i testcert.pem -t "CT,C,C"
Do NOT execute the following command, it will mess up the database:
$ certutil -A -d nssdb -h HSM -f password.HSM -n HSM:testcert -i testcert.pem -t "CT,C,C"
In FIPS mode, the certificate has to be added separately into internal token and HSM (see bug #1393668):
$ certutil -A -d nssdb -h HSM -f password.HSM -n testcert -i testcert.pem -t "" $ certutil -A -d nssdb -f password.internal -n testcert -i testcert.pem -t "CT,C,C"