12.4. Storing Certificates in NSS Databases
.pemfiles to store the key and the certificate. To store the key and the certificate in an NSS database, specify the
-nwith the command you use for requesting the certificate.
-dsets the security database location
-ngives the certificate nickname which is used for the certificate in the NSS database
-noptions are used instead of the
-koptions that give the
[root@server ~]# selfsign-getcert request -d /export/alias -n ServerCert ...
local-getcertallows you to specify another two options:
-Fgives the file where the certificate of the CA is to be stored.
-agives the location of the NSS database where the certificate of the CA is to be stored.
selfsign-getcert, there is no need to specify the
-aoptions because generating a self-signed certificate does not involve any CA.
-aoption, or both with
local-getcertallows you to obtain a copy of the CA certificate that is required in order to verify a certificate issued by the local signer. For example:
[root@server ~]# local-getcert request -F /etc/httpd/conf/ssl.crt/ca.crt -n ServerCert -f /etc/httpd/conf/ssl.crt/server.crt -k /etc/httpd/conf/ssl.key/server.key