Thanks for the help. I downloaded the files and everything worked like a charm.
Donny "Nelson B. Bolyard" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Donny wrote: > > > > I need to export my private keys to pkcs12 format to put on another server. > > My problem is I am running Iplanet 4.1 and I don't have a way to do this. > > It seems pk12util will do this for me, but I have no idea where to find what > > I need. I'm running Solaris 8 on a sparc platform. What do I need to > > download to so I can install and run pk12util, and where can I find the > > files needed? This is all pretty new to me so I'm not sure exactly what I > > need to do here. Thanks > > pk12util is one of many NSS utility programs. Another that will probably > help you is certutil. I'm not sure which release of NSS corresponds > exactly to the iPlanet server(s) you're using, but I'd guess that NSS 3.2.2 > will work for you. > > You can download the NSS utility programs and shared libraries from this URL: > > ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_2_2_RTM/SunOS5.6_OPT.OBJ/nss-3.2.2.tar.gz > > You'll also need the NSPR shared libraries from > > ftp://ftp.mozilla.org/pub/nspr/releases/v4.1.2/SunOS5.6_OPT.OBJ/nspr-4.1.2.tar.gz > > These versions, produced in the summer of 2001, _should_ work for you, but > you _might_ need older versions. > > Put all the shared libraries into a directory, and put that directory name > into LD_LIBRARY_PATH. Put all the utility programs into a directory in > your PATH. You'll need the pathname of the directory that contains your > server's *cert7.db and *key3.db files. Those file names will probably > have a prefix, e.g. if the filename is https-yourservername-cert7.db > then the prefix is "https-yourservername-". > > Run the command > > certutil -L -d <db> -P <prefix> > > where <db> is the pathname of the directory that contains your cert7.db > and key3.db files. Most NSS utilities use the same -d and -P options. > If your prefix is empty, then drop the -P <prefix> option. > > That command will give you a list of "nicknames". The nickname for your > server cert will be followed by the letters "u,u,u". > > Then run a command similar to this: > > pk12util -o exportfile -n nickname [-d certdir] [-P dbprefix] > [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw] > > where > exportfile is the name of the .p12 file to be created, > nickname is the nickname you found with certutil, enclosed in quotes > if needed, > The -d and -P options are as for certutil > The -k or -K options specify the password that unlocks the key3.db file. > The -K option names a file that contains the password. > The -k option gives the password itself. > Similarly, the -w or -W options specify the password that will protect > the newly created .p12 file. > > -- > Nelson B
