You add the server certificate to the certificate database to make it available for communication over SSL.
Note: The following procedure details the specific options and arguments to complete the task. For a complete list of the NSS utility options and arguments, refer to the Mozilla documentation on the NSS project page.
Important! If you are running a SiteMinder utility or executable on Windows Server 2008, be sure to open the commandline window with Administrator permissions, even if you are logged into the system as an Administrator. For more information, see the release notes for your SiteMinder component.
To add the server certificate to the certificate database
Example: C:\nss\bin
Note: Windows has a native certutil utility. Ensure you are working from the bin directory of the NSS utility or you may inadvertently run the Windows certutil utility.
certutil -A -n alias -t trust_arguments -i server_certificate_path -d certificate_database_directory
Adds a certificate to the certificate database.
Specifies an alias for the certificate.
Note: If the alias contains spaces, bracket the alias with quotes.
Specify the trust attributes to apply to the certificate when adding it to the certificate database. There are three available trust categories for each certificate, which are expressed in this order: "SSL, email, object signing". Specify the appropriate trust arguments so that the certificate is trusted. In each category position, you may use zero or more of the following attribute arguments:
p
Valid peer.
P
Trusted peer. This argument implies p.
Important! This is a required argument for the SSL trust category.
Specifies the path to the server certificate. Consider the following:
Note: If the file path contains spaces, bracket the path in quotes.
Specifies the path to the directory that contains the certificate database.
Note: If the file path contains spaces, bracket the path in quotes.
NSS adds the server certificate to the certificate database.
Example: Adding a Server Certificate to the Certificate Database
certutil -A -n "My Server Certificate" -t "P,," -i C:\certificates\servercert.cer -d C:\certdatabase
Copyright © 2010 CA. All rights reserved. | Email CA about this topic |