Show Table of Contents
12.4. Storing Certificates in NSS Databases
By default,
certmonger uses .pem files to store the key and the certificate. To store the key and the certificate in an NSS database, specify the -d and -n with the command you use for requesting the certificate.
-dsets the security database location-ngives the certificate nickname which is used for the certificate in the NSS database
Note
The
-d and -n options are used instead of the -f and -k options that give the .pem file.
For example:
[root@server ~]# selfsign-getcert request -d /export/alias -n ServerCert ...
Requesting a certificate using
ipa-getcert and local-getcert allows you to specify another two options:
-Fgives the file where the certificate of the CA is to be stored.-agives the location of the NSS database where the certificate of the CA is to be stored.
Note
If you request a certificate using
selfsign-getcert, there is no need to specify the -F and -a options because generating a self-signed certificate does not involve any CA.
Supplying the
-F option, the -a option, or both with local-getcert allows you to obtain a copy of the CA certificate that is required in order to verify a certificate issued by the local signer. For example:
[root@server ~]# local-getcert request -F /etc/httpd/conf/ssl.crt/ca.crt -n ServerCert -f /etc/httpd/conf/ssl.crt/server.crt -k /etc/httpd/conf/ssl.key/server.key
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.