pk12util: no user certs from given nickname

[Yao, Julie]

When I ran certutil to list certs/keys in my nssdb, it showed a couple of certificates in the db. But when I tried to use pk12util to export one of the certificates, I got:
pk12util: no user certs from given nickname

os: redhat 6.8

Thanks,
Julie

[Hubert Kario]

On Thursday, 19 January 2017 19:51:59 CET Yao, Julie wrote:
> When I ran certutil to list certs/keys in my nssdb, it showed a couple of
> certificates in the db. But when I tried to use pk12util to export one of
> the certificates, I got: pk12util: no user certs from given nickname

can you provide exact commands and their outputs you have used?


--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic

[Yao, Julie]

certutil –L –d config/nssdb

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

juliek12 Cu,Cu,Cu
juliek1 Cu,Cu,Cu
soneraclass2ca CT,,

pk12util -o /tmp/exportfile.pkcs12 -W changeit -d config/nssdb/ -K changeit –n soneraclass2ca

pk12util: no user certs from given nickname

If the alias is key, pk12util works fine. It fails in certs.

Thanks,
Julie

[Hubert Kario]

On Friday, 20 January 2017 19:14:08 CET Yao, Julie wrote:
> certutil –L –d config/nssdb
>
> Certificate Nickname Trust
> Attributes
> SSL,S/MIME,JAR/XPI
> juliek12 Cu,Cu,Cu
> juliek1 Cu,Cu,Cu
> soneraclass2ca CT,,
>
> pk12util -o /tmp/exportfile.pkcs12 -W changeit -d config/nssdb/ -K changeit
> –n soneraclass2ca
> pk12util: no user certs from given nickname
>
> If the alias is key, pk12util works fine. It fails in certs.

it does look like the pk12util does not support exporting just the
certificate, if you'd like this feature, I suggest opening a bugzilla feature
request

for exporting just certificates, you can use certutil -L with either -r or -a

the resulting PEM or DER file can be converted to PKCS#12 file with `openssl
pkcs12` utility