Command Reference
List of commands for managing certificates
This refernce section lists the commands necessary for managing certificates.
To manage certificates in JKS keystores, use the Java keytool command
line:
installation_directory/JavaExt/jre/bin/keytool
To manage CMS (.kdb) keystore certificates, use the GSKIT command line:
gsk8capicmd. To run the GSKIT command line, first source the TWA environment from the
installation directory, as follows:
- On Windows systems
- twa_env.cmd
- On UNIX systems
- ./twa_env.sh
To import a certificate, run the following command:
- keytool
-
<keytool> -importkeystore -srckeystore <source keystore> -destkeystore <destination keystore> -srcalias <certificate name in source keystore> -destalias <desired name of the certificate in destination keystore> -srcstorepass <password of source keystore> -deststorepass <password of destination keystore>
- GSKIT
-
<gskit> -cert -import -db <source keystore> -pw <source keystore password> -target <destination keystore> -target_pw <destination keystore password> -label <certificate name>
To add a certificate, run the following command:
- keytool
-
<keytool> -importcert -file <certificate file> -keystore <keystore name> -alias <desired certificate name in keystore> -trustcacerts -storepass <keystore password>
- GSKIT
-
<gskit> -cert -add -db <keystore name> -pw <keystore password> -file <certificate file> -label <desired certificate name into keystore> -trust enable
To extract a certificate, run the following command:
- keytool
-
<keytool> -exportcert -keystore <keystore name> -alias <name of the certificate> -file $<file to extract into> -storepass <keystore password>
- GSKIT
-
<gskit> -cert -extract -db <keystore name> -pw <keystore password> -label <certificate name> -file <file to extract the certificate into>
To delete a certificate, run the following command:
- keytool
-
<keytool> -delete -alias <certificate name> -keystore <keystore name> -storepass <keystore password>
- GSKIT
-
<gskit> -cert -delete -db <keystore name> -pw <keystore password> -label <certificate name>
To rename a certificate, run the following command:
- keytool
-
<keytool> -changealias -keystore <keystore name> -storepass <keystore password> -alias <old certificate name> -destalias <new certificate name>
- GSKIT
-
<gskit> -cert -rename -db <keystore name> -pw <keystore password> -label <old certificate name> -new_label <new certificate name>
To list a certificate, run the following command:
- keytool
-
<keytool> -list -keystore <keystore name> -storepass <keystore password>
- GSKIT
-
<gskit> -cert -list -db <keystore name> -pw <keystore password>