[Pki-users] Exporting Keys from Database

Ade Lee alee at redhat.com
Tue Feb 18 15:53:09 UTC 2014 

On Tue, 2014-02-18 at 10:51 +0100, Jindrich Dolezal wrote:
> hi,
> im using dogtag 9.0. im trying to export the CA keys with the use of 
> PKCS12Export command. in the Deploy and Install guide there is command 
> to use:
> PKCS12Export -debug -d /var/lib/{instance_name}/alias -w p12pwd.txt -p 
> internal.txt -o master.p12
> where according to help
> -p <file containing password for keydb> -w <file containing pkcs12 
> password> -o <output file for pkcs12>
> 
> but i always end up with:
> PKCS12Export debug: PKCS12Export Exception: 
> org.mozilla.jss.util.IncorrectPasswordException
> 
> what is 'file containing password for keydb' and 'file containing pkcs12 
> password'?
> i tried all combinations of passwords i used during the installation. 
> more over during the installation i was not asked for any password to 
> protect the keydb.
> 
> so my next question is: should the passwords be in special format, like 
> in base64, or more generally what passwords shall be used for this at all?
> 

The file containing the pkcs12 password is simply a text file with the
password of your choosing in cleartext.  This will be the password
needed to decrypt the keys in the pkcs12 file that is being generated.

The file containing the password for the keydb is simply a text file
containing only the password for the certdb
under /var/lib/<instance_name>/alias in cleartext.  That password is a
randomly generated numeric string that was created during installation.
It can be found by looking
at /var/lib/<instance-name>/conf/password.conf.

The password you want is the one prefaced by internal=XXXXX.

Ade

> thanks
> 
> jd
> 
> </pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed.  If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone.  This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
> 
> 
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list