Find your keystore
$ find ~/ -iname "cert8.db"
List they keystore where -d is the path to the certdir found by the find command
$ certutil -d ~/.mozilla/firefox/xxxxxx.default/ -L|less
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
VeriSign Class 3 Extended Validation SSL CA ,,
bpki.example2.net ,,
host2.someplace.net ,,
SuperAdmin u,u,u
Export
$ pk12util -o lm.p12 -n "bpki.example2.net" -d ~/.mozilla/firefox/xxxxxx.default/
Enter password for PKCS12 file:
Re-enter password:
pk12util: PKCS12 EXPORT SUCCESSFUL
You can now extract your key/cert/ca's from the PKCS12. In this case, I don't want the private key to be encrypted (-nodes).
$ openssl pkcs12 -nodes -in lm.p12 -out dump.txt
Enter Import Password:
MAC verified OK
No comments:
Post a Comment