Chapter 23. Smart-card Authentication in Identity Management
23.1. Exporting a Certificate From a Smart Card
- Place the smart card into the reader.
- Use the following command to list the certificates on the smart card. In the output, locate the certificate to use for authentication, and note its nickname:
$ certutil -L -d /etc/pki/nssdb/ -h all Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI my_certificate CT,C,C
- Extract the certificate to a file using the certificate nickname. For example, to extract the certificate in the Base64 format to a file named
$ certutil -L -d /etc/pki/nssdb/ -n 'my_certificate' -r | base64 -w 0 > user.crtThe
base64utility is part of the coreutils package.