CA Service Management

  • 1.  Importing certificate with pdm_pki

    Posted Jan 14, 2019 02:16 AM

    Has anyone figured out how to use pdm_pki to import certificates from an external source? The help for the command says:

    usage: pdm_pki -p policy_code [-f] [-l certificate] [-h]

            -p unique policy code
            -f force replacement
            -l load public key stored in a X509 V3 certificate
            -h print usage

    but regardless of what I do I don't manage to move an existing and working login policy certificate from one environment to another and end up with the error

    Unable to load the certificate file <filename>

    I know I can copy the database values from one environment to another and that will work around the issue with pdm_pki but the ultimate goal is to be able to import signed certificates from my organisation's PKI authority instead of using the self-signed certs the pdm_pki generates.

    I've exported the cert with the Java keytool and used openssl to extract the public key but so far no luck. The pdm_pki documentation is seriously lacking so it offers no help.

    Assume I have access to openssl and anything that ships with SDM 17.1 on a Windows platform.



  • 2.  Re: Importing certificate with pdm_pki
    Best Answer

    Posted Jan 14, 2019 02:55 AM

    Lo and behold, persistence pays off! Managed to pull it off with the following:

    1. Take the PKCS12 cert generated by pdm_pki; I'm assuming your cert is called cert.p12 in the working directory.

    2. Use keytool to read the certificate and output the contents in the RFC form:

       keytool -exportcert -rfc -keystore cert.p12 -storepass examplepassword -storetype PKCS12 -alias keyalias > cert.pem

    3. Use openssl to convert the PEM file to DER format:

       openssl x509 -inform pem -outform der -pubkey -in cert.pem -out cert.der

    4. Load the DER formatted certificate into SDM:

       pdm_pki -p policycode -f -l cert.der

    If you have keytool and openssl available from the same machine as the Service Desk Manager you can concatenate some of the steps into one and skip the intermediary files, but I leave that as an exercise for the reader.
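The conversion pipeline from the answer above, written out as an added example script (not code from the original post or from CA/Broadcom). It swaps keytool for `openssl pkcs12`, on the assumption that the keystore pdm_pki writes is an ordinary PKCS12 file that openssl can read, so only openssl is required; it is POSIX shell, so on Windows it would run under Git Bash or WSL rather than cmd. Because no real pdm_pki keystore is available here, the script first builds a constructed throwaway PKCS12 (self-signed, CN `sdm-login-policy-example`, password `examplepassword`, alias `keyalias`, all placeholder values), then extracts only the certificate, writes it as DER, and checks that the DER file parses as an X.509 certificate and does not carry the private key before anything is handed to `pdm_pki -l`.

```shell
#!/bin/sh
# Extract the certificate from a PKCS12 keystore and emit it as DER for pdm_pki -l.
# Added example; assumes a standard PKCS12 keystore and a working openssl binary.

# make_test_keystore DIR
# Creates a constructed self-signed key+cert pair and packages it as DIR/cert.p12.
# Stand-in for the keystore pdm_pki generates; values are placeholders.
make_test_keystore() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=sdm-login-policy-example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null || return 1
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -name keyalias -passout pass:examplepassword \
        -out "$1/cert.p12" 2>/dev/null
}

# p12_to_der P12 PASSWORD OUT
# Pulls only the certificate (-nokeys) out of the keystore and converts it to DER.
# The private key never leaves the keystore, which is all pdm_pki -l needs:
# the usage text says it loads the public key stored in the X.509 certificate.
p12_to_der() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -outform der -out "$3" 2>/dev/null
}

# check_der FILE
# Verifies the file before it is imported: it must start with a DER SEQUENCE,
# parse as an X.509 certificate, and must not parse as a private key.
# Prints the certificate subject on success so the operator can eyeball it.
check_der() {
    [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ] || return 1
    openssl pkey -inform der -in "$1" -noout 2>/dev/null && return 1
    openssl x509 -inform der -in "$1" -noout -subject 2>/dev/null
}

# Demo run: build the constructed keystore, convert it, and show the subject.
# In real use you would call p12_to_der on the keystore pdm_pki produced and
# then run: pdm_pki -p policycode -f -l cert.der
demo_dir=$(mktemp -d)
if make_test_keystore "$demo_dir" \
   && p12_to_der "$demo_dir/cert.p12" examplepassword "$demo_dir/cert.der" \
   && check_der "$demo_dir/cert.der"; then
    echo "DER certificate ready for pdm_pki at $demo_dir/cert.der"
else
    echo "conversion failed" >&2
fi
```

The `check_der` step is the part worth keeping even if you chain the commands by hand: a file that openssl cannot read back as a DER certificate is the most likely reason for pdm_pki's "Unable to load the certificate file" message, and confirming the subject before the `-f` (force replacement) import avoids overwriting a working login policy certificate with the wrong one.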