Re: [OpenXPKI-users] How is an OpenXPKI generated private key exported?

Tue, 16 Apr 2024 07:14:05 -0700 

On Mon, April 15, 2024 14:12, Martin Bartosch wrote:
> James,
>
>> I created csr where the option to create a private key was selected.  How is
>> the private key created for this csr exported from openxpki?
>
> Click on the Certificate. Choose Action -> "Download private key/keystore
> (PKCS12/PKCS8/Java)"
>

My question was imprecise. I had in mind a batch/cli type solution. After
further research this is what I am attempting to use.

openxpkicli --realm hll_ca2016 get_private_key_for_cert --help

get_private_key_for_cert
    returns an ecrypted private key for a certificate if the private key
    was generated on the CA during the certificate request process.

    Parameters are the same as for (convert_private_key) except that
    (private_key) must not be passed but is read from the datapool and
    (cert_identifier) is mandatory.

convert_private_key
    expects a private key and converts it into another format. If a bundle
    with certificates is requested (PKCS12, JKS), the certificate to use as
    the end entity certificate must be given via (identifier) or as first
    element of (chain)


openxpkicli --realm=hll_ca2016 get_private_key_for_cert \
     --param identifier='Lik1K_AGi-RDqOiNxjmptAh-4-w' \
     --param password='F990NCtO' \
     --param passout='' \
     --param nopassword=TRUE \
     --param format=PKCS8_PEM
Error: Error while executing API command
    Attribute (identifier) is required

openxpkicli --realm=hll_ca2016 get_private_key_for_cert \
     --param cert_identifier='Lik1K_AGi-RDqOiNxjmptAh-4-w' \
     --param password='F990NCtO' \
     --param passout='' \
     --param nopassword=TRUE \
     --param format=PKCS8_PEM
Error: Error while executing API command
    Attribute (identifier) is required

What is wrong with the identifier attribute? For what it is worth I find that
using two different names for the same thing a bit confusing, if indeed
'cert_identifier' and 'identifier' do refer to the same thing.

Your help is appreciated.

Thank you.




_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to