Importing existing key/certificate into NSS (PKCS#11) database
Environment
- Red Hat JBoss Enterprise Application Platform (EAP) 5.2.0
- PKCS#11 for SSL as described in the "How do I make JBoss Web use FIPS 140-2 compliant cryptography?" knowledge article
Issue
- Issues importing keystore certificate into PKCS#11
- Importing existing PKCS#12 keystore into my Mozilla Network Security Services (NSS) database
Resolution
You can import your existing PKCS#12 keystore into a Network Security Services (NSS) database for PKCS#11 with:
pk12util -d <NSS database path> -i <PKCS#12 keystore>
If you need to convert your JKS keystore to PKCS#12 you can do that with:
keytool -importkeystore -srckeystore <JKS keystore> -destkeystore <new PKCS#12 filename> -srcstoretype JKS -deststoretype PKCS12 -srcstorepass <password> -deststorepass <password> -srcalias <alias> -destalias <alias> -srckeypass <password> -destkeypass <password> -noprompt
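The two steps above combined into one script, as an added example that is not part of the original article: it converts one alias from JKS to PKCS#12, imports it with pk12util, then lists the database with certutil to confirm that the certificate and its private key arrived. The function names, the KS_PASS and NSS_PASS environment variables (which must be exported), and the use of keytool's ":env" password modifier are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Keystore path, alias and
# NSS directory are supplied by the caller; passwords come from KS_PASS and
# NSS_PASS in the environment. Assumes the key password equals KS_PASS and
# that the installed keytool accepts the ":env" password modifier.

# Print the name of every required tool that is not on PATH.
missing_tools() {
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || printf '%s\n' "$t"
    done
}

# Succeed only if DIR already holds an NSS database, in the legacy format
# (cert8.db/key3.db) or the SQLite format (cert9.db/key4.db).
nss_db_present() {
    { [ -f "$1/cert8.db" ] && [ -f "$1/key3.db" ]; } ||
    { [ -f "$1/cert9.db" ] && [ -f "$1/key4.db" ]; }
}

# Usage: import_jks_into_nss JKS ALIAS NSSDIR
import_jks_into_nss() {
    jks=$1; ksalias=$2; nssdir=$3
    miss=$(missing_tools keytool pk12util certutil)
    [ -z "$miss" ] || { echo "missing: $miss" >&2; return 2; }
    [ -f "$jks" ] || { echo "no keystore: $jks" >&2; return 2; }
    nss_db_present "$nssdir" || { echo "no NSS db in $nssdir" >&2; return 2; }

    # The intermediate PKCS#12 file and the password files expose the
    # private key, so they live in a 0700 directory and are deleted after.
    tmp=$(umask 077 && mktemp -d) || return 1
    ( umask 077
      printf '%s\n' "$KS_PASS"  > "$tmp/p12.pass"
      printf '%s\n' "$NSS_PASS" > "$tmp/nss.pass"
      keytool -importkeystore -srckeystore "$jks" -srcstoretype JKS \
          -destkeystore "$tmp/key.p12" -deststoretype PKCS12 \
          -srcstorepass:env KS_PASS -deststorepass:env KS_PASS \
          -srcalias "$ksalias" -destalias "$ksalias" \
          -srckeypass:env KS_PASS -destkeypass:env KS_PASS -noprompt &&
      pk12util -d "$nssdir" -i "$tmp/key.p12" \
          -w "$tmp/p12.pass" -k "$tmp/nss.pass" &&
      # Verify: the certificate and its private key must both be listed.
      certutil -L -d "$nssdir" &&
      certutil -K -d "$nssdir" -f "$tmp/nss.pass" )
    rc=$?
    rm -rf "$tmp"
    return $rc
}
```

Passing passwords through the environment and password files keeps them out of the process argument list, where the literal <password> arguments of the commands above would be visible to other local users while the command runs.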
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
