||User Contributed Perl Documentation
returns an ecrypted private key for a certificate if the private key was
generated on the CA during the certificate request process.
Parameters are the same as for convert_private_key except
that private_key must not be passed but is read from the datapool and
cert_identifier is mandatory.
expects a private key and converts it into another format. If a bundle with
certificates is requested (PKCS12, JKS), the certificate to use as the end
entity certificate must be given via identifier or as first element of
- format - the output format
- PKCS8_PEM (PKCS#8 in PEM format)
- PKCS8_DER (PKCS#8 in DER format)
- PKCS12 (PKCS#12 in DER format)
- OPENSSL_PRIVKEY (OpenSSL native key format in PEM)
- OPENSSL_RSA (OpenSSL RSA with DEK-Info Header)
- JAVA_KEYSTORE (JKS including chain).
- password - the private key password
Password that was used when the key was generated.
- passout - the password for the exported key, default is PASSWORD
The password to encrypt the exported key with, if empty the
input password is used.
This option is only supported with format OPENSSL_PRIVKEY,
PKCS12 and JKS!
If set to a true value, the key is exported without a
password!. You must also set passout to the empty string.
the identifier of the certificate to merge into the export
file. The output file will contain also certificates of the chain, with
or without root weather keeproot is set. Only used with JKS or
PKCS12 export format.
Boolean, when set the root certifcate is included in the
keystore. Only used when identifier is set to export PKCS12 or Java
A PEM encoded list of certificates to be merged into the
output file. Only used with JKS or PKCS12 export format, content is used
"as is" and concatenated to the chain retrieved from
If identifier is not set, the first certificate of the
chain must match the private key.
String to set as alias for the key/certificate for JKS or
String, write name as a Microsoft CSP name (PKCS12 only)
If the input password does not decrypt the private key, an
exception is thrown.
Checks whether a corresponding CA-generated private key exists for the given
certificate identifier (named parameter IDENTIFIER). Returns true if there is
a private key, false otherwise.
Gets a private key from the database for a given certificate identifier by
looking up the CSR serial of the certificate and extracting the private_key
from the datapool. Returns undef if no key is available.
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.