This document describes the process of converting the Netscape/I-Planet
db files to pkcs12 format. Once converted, these Netscape/I-Planet DB files can
be imported to the Cisco Secure Content Accelerator (SCA).
The import requires either an HTTP, HTTPS, FTP, or TFTP server to
import the pkcs12 file to the SCA.
Netscape Communicator 4.77 was used in this example, however, most
recent versions should work as well.
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
For more information on document conventions, refer to the
Cisco Technical Tips
In this section, you are presented with the information to configure
the features described in this document.
Complete these steps:
Transfer the certificate\key from Netscape 3.6/I-Planet 4.1 to temp
The keys and certificates are stored on the server in a database
format. They are stored in the $SERVER_ROOT/alias directory. This is an example
of the key and certificate files:
Copy these two files to a temp directory on the system running
Netscape Communicator that will be used for conversion. Rename the files to
key3.db and cert7.db. In this example, https-secure.
example.com-secure-key3.db becomes key3.db, and
Back up the existing db files on Netscape.
On the system running Netscape Communicator, change directory (cd)
to the Users directory. The path should be C:\Program
Files\Netscape\Users, but may be different depending on how Netscape was
installed on your PC. Select one of the user directories (if more than one
exists) that will be used to convert the db files. Cd to that directory. Rename
cert7.db and key3.db to cert7.bak and key3.bak respectively. Copy the two db
files that were copied to the temp directory to the user directory selected
Export the certificate.
Launch Netscape Communicator. Make sure to select the appropriate
profile that corresponds to the user directory used for the conversion if more
than one profile exists. Select the Security Icon from the
tool bar menu. Your Certificates window should appear. Select
Certificates -> Yours from the menu. The certificate being
exported should appear in the window. Click Export to export
the certificate. Enter the password for the private key. Enter a password to
encrypt the pkcs12 file being exported. Name the pkcs12 file
export.p12, and save it to the temp directory. Close Netscape
Restore the original db files.
Cd back to the User directory where the original
db files where renamed to .bak. Rename cert7.bak to cert7.db and key3.bak to
Import the pkcs12 file to the CSS using FTP.
Telnet to the SCA device or connect using the console. The import
cannot be done from the Web GUI. From the command line, issue the
configure ssl command. Make sure the FTP server is
running on the host where the export.p12 resides (anonymous FTP,HTTP,HTTPS, and
TFTP can be used as well.) In this example, export.p12 is on 10.10.10.2 in
import pkcs12 der ftp://username:firstname.lastname@example.org/temp/export.p12
You will be prompted for the password from export.p12 that was
created when it was exported from the db format. The key and certificate(s)
have now been imported into the SCA and can be assigned to SSL secure servers.
The certificates are named der_c1, der_c2, and so on. The key is named
There is currently no verification procedure available for this
There is currently no specific troubleshooting information available
for this configuration.