Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages
OpenXPKI::Server::API2::Plugin::Cert::private_key(3) User Contributed Perl Documentation OpenXPKI::Server::API2::Plugin::Cert::private_key(3)


returns an ecrypted private key for a certificate if the private key was generated on the CA during the certificate request process.

Parameters are the same as for convert_private_key except that private_key must not be passed but is read from the datapool and cert_identifier is mandatory.

expects a private key and converts it into another format. If a bundle with certificates is requested (PKCS12, JKS), the certificate to use as the end entity certificate must be given via identifier or as first element of chain.
format - the output format
PKCS8_PEM (PKCS#8 in PEM format)
PKCS8_DER (PKCS#8 in DER format)
PKCS12 (PKCS#12 in DER format)
OPENSSL_PRIVKEY (OpenSSL native key format in PEM)
OPENSSL_RSA (OpenSSL RSA with DEK-Info Header)
JAVA_KEYSTORE (JKS including chain).
  • password - the private key password

    Password that was used when the key was generated.

  • passout - the password for the exported key, default is PASSWORD

    The password to encrypt the exported key with, if empty the input password is used.

    This option is only supported with format OPENSSL_PRIVKEY, PKCS12 and JKS!

  • nopasswd

    If set to a true value, the key is exported without a password!. You must also set passout to the empty string.

  • identifier

    the identifier of the certificate to merge into the export file. The output file will contain also certificates of the chain, with or without root weather keeproot is set. Only used with JKS or PKCS12 export format.

  • keeproot

    Boolean, when set the root certifcate is included in the keystore. Only used when identifier is set to export PKCS12 or Java Keystore.

  • chain

    A PEM encoded list of certificates to be merged into the output file. Only used with JKS or PKCS12 export format, content is used "as is" and concatenated to the chain retrieved from identifier/keeproot.

    If identifier is not set, the first certificate of the chain must match the private key.

  • alias

    String to set as alias for the key/certificate for JKS or PKCS12.

  • csp

    String, write name as a Microsoft CSP name (PKCS12 only)

If the input password does not decrypt the private key, an exception is thrown.

Checks whether a corresponding CA-generated private key exists for the given certificate identifier (named parameter IDENTIFIER). Returns true if there is a private key, false otherwise.

Gets a private key from the database for a given certificate identifier by looking up the CSR serial of the certificate and extracting the private_key from the datapool. Returns undef if no key is available.
2022-05-14 perl v5.32.1

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.