ADC CLI Commands

ssl-pkcs12

The following operations can be performed on “ssl-pkcs12”:

convert ssl pkcs12

Converts the end-user certificate from PEM encoding format to PKCS#12 format. This certificate can then be distributed and installed in browsers as client certificates.

Synopsis

convert ssl pkcs12 \[-import \[-pkcs12File <input\_filename>] \(-des | -des3 | -aes256) ] \[-export \[-certFile <input\_filename>] \[-keyFile <input\_filename>]] {-password } {-PEMPassPhrase }

Arguments

outfile Name for and, optionally, path to, the output file that contains the certificate and the private key after converting from PKCS#12 to PEM format. /nsconfig/ssl/ is the default path. If importing, the certificate-key pair is stored in PEM format. If exporting, the certificate-key pair is stored in PKCS#12 format. Maximum value: 63

import Convert the certificate and private-key from PKCS#12 format to PEM format.

pkcs12File Name for and, optionally, path to, the PKCS#12 file. If importing, specify the input file name that contains the certificate and the private key in PKCS#12 format. If exporting, specify the output file name that contains the certificate and the private key after converting from PEM to PKCS#12 format. /nsconfig/ssl/ is the default path. During the import operation, if the key is encrypted, you are prompted to enter the pass phrase used for encrypting the key. Maximum value: 63

des Encrypt the private key by using the DES algorithm in CBC mode during the import operation. On the command line, you are prompted to enter the pass phrase.

des3 Encrypt the private key by using the Triple-DES algorithm in EDE CBC mode (168-bit key) during the import operation. On the command line, you are prompted to enter the pass phrase.

aes256 Encrypt the private key by using the AES algorithm (256-bit key) during the import operation. On the command line, you are prompted to enter the pass phrase.

export Convert the certificate and private key from PEM format to PKCS#12 format. On the command line, you are prompted to enter the pass phrase.

certFile Certificate file to be converted from PEM to PKCS#12 format. Maximum value: 63

keyFile Name of the private key file to be converted from PEM to PKCS#12 format. If the key file is encrypted, you are prompted to enter the pass phrase used for encrypting the key. Maximum value: 63

password PEMPassPhrase

Example

1)convert ssl pkcs12 /nsconfig/ssl/client_certkey.p12 -export -cert /nsconfig/ssl/client_certcert.pem -key /nsconfig/ssl/client_key.pem The above example CLI command converts the PEM encoded certificate and key file to PKCS#12. 2)convert ssl pkcs12 /nsconfig/ssl/client_certkey.pem -import -pkcs12 /nsconfig/ssl/client_certcertkey.p12 The above example CLI command converts the PKCS12 file to PEM format. 3)convert ssl pkcs12 /nsconfig/ssl/client_certkey.pem -import -pkcs12 /nsconfig/ssl/client_certcertkey.p12 -des The above example CLI command converts the PKCS12 file to PEM format, with encrypted key.

Note:The -des option will encrypt the output key using DES algorithm. User will be prompted to enter the pass-phrase to be used for encryption.

ssl-pkcs12