Carman, George wrote:
[EMAIL PROTECTED]">Sounds like you have an old copy of pk12util. It probably doesn't understand the -P flag. Try the binaries for NSS 3.2, that was the timeframe we added the -P option to pk12util.We tried using pk12util in nss 3.1.1 as follows:
The database in writable directory:
./alias-cert.db
./alias-key.db
./pk12util -o outfile.p12 -d . -n nickname -P alias
This just gives the usage help message.
Any suggestions on how to use the tool?
bob
[EMAIL PROTECTED]">
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 11, 2001 5:50 PM
To: Carman George
Cc: '[EMAIL PROTECTED]'
Subject: Re: Migrating Private Keys and Certs from Netscape 3.5
Carman, George wrote:Hello,
We have several Netscape 3.5 servers and we are trying to migrate theirkeysand certs to newer products.
Is there a utility which can read the database for these older products?
The files have names alias-cert.db and alias-key.db. There is nosecmod.db.Do the nss pk12util and certutil utilities understand these olderdatabases?If so, example usage for export of the keys and certs would beappreciated.
Yes, sort of. They can update an old database into a new database
format. The latest versions of the utilities even understand the server
'alias-' prefixes (they have options to handle them). If you run them in
a writeable directory the tools can create new alias-cert7.db and
aliad-key3.db's as well as a secmod.db on the fly, before they start
using operating on the files.
iWS also has an admin interface that can update thes files.
bobThanks,
George
