Show Table of Contents
12.4. Storing Certificates in NSS Databases
.pemfiles to store the key and the certificate. To store the key and the certificate in an NSS database, specify the
-nwith the command you use for requesting the certificate.
-dsets the security database location
-ngives the certificate nickname which is used for the certificate in the NSS database
-noptions are used instead of the
-koptions that give the
[root@server ~]# selfsign-getcert request -d /export/alias -n ServerCert ...
Requesting a certificate using
local-getcertallows you to specify another two options:
-Fgives the file where the certificate of the CA is to be stored.
-agives the location of the NSS database where the certificate of the CA is to be stored.
If you request a certificate using
selfsign-getcert, there is no need to specify the
-aoptions because generating a self-signed certificate does not involve any CA.
-aoption, or both with
local-getcertallows you to obtain a copy of the CA certificate that is required in order to verify a certificate issued by the local signer. For example:
[root@server ~]# local-getcert request -F /etc/httpd/conf/ssl.crt/ca.crt -n ServerCert -f /etc/httpd/conf/ssl.crt/server.crt -k /etc/httpd/conf/ssl.key/server.key