search cancel

How to extract certificate from cert8.db

book

Article ID: 213420

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign-On

Issue/Introduction

Older Policy Server is using different version of NSS certutil.

When Policy Server is upgraded to a new version, the cert8.db was no longer compatible.

How can the certificate from the older cert8.db so it can be imported to new cert8.db?

 

Environment

Release : 12.8.03

Component : Policy Server

Resolution

From the older Policy Server, export the cert using the older version of certutil.


1. Open cmd or bash and cd to the directory containing the cert8.db file.
2. list the certificate aliases in the cert8.db
    certutil -L -d .
3. Identify which CA cert alias you need.
4. xport the CA alias to exportedcacert.crt (this will be in binary format)
    certutil -L -d . -n <CA Alias> -r > exportedcacert.crt

You can copy the exportedcacert.crt to the new policy server and generate new cert8.db

Additional Information

Mozilla NSS Tools