Import a PKCS #12 File

You can import a PKCS #12 key and certificate file that was generated elsewhere into the Oracle Communications Core Session Manager (OCCSM) by way of the ACLI.

Make sure that your PKCS#12 file was generated either with the -descert flag or the -keypbe and -certpbe options. If rsa.key is a private key and cert.crt is an X.509 certificate, either of the following commands generates a PKCS#12 file.

# generate using -descert
openssl pkcs12 -export -in cert.crt -inkey rsa.key -out my_pkcs12.pfx -name "Test Cert" -descert
# generate using -keypbe and -certpbe options
openssl pkcs12 -export -in cert.crt -inkey rsa.key -out my_pkcs12.pfx -name "Test Cert" -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES

Copy the PKCS#12 file to the /opt directory using SFTP.

Run the import-certificate command.

import-certificate <pkcs#12> <certificate-record-name> [pkcs-12-file-name]

where

certificate-record-name—must be a new name that does not exist as PKCS #12. This is different from other certificate imports, where the certificate record must already exist in the target destination.
pkcs12-file-name—the name of the PKCS #12 file that you want to import.

ORACLE# import-certificate pkcs12 newKey2 my2_pkcs12.pfx
The specified certificate-record: (newKey2) does not exist.
Creating one...
Enter Import Password: 
Importing ee: newKey2
Certificate(s) imported successfully....

----------------------------------------------
WARNING:
Configuration changed, run 'save-config' and 
'activate-config' commands to commit the changes.
----------------------------------------------
ORACLE#

Note:

512-bit keys are not supported.