Command Reference

List of commands for managing certificates

This refernce section lists the commands necessary for managing certificates.

To manage certificates in JKS keystores, use the Java keytool command line:
installation_directory/JavaExt/jre/bin/keytool
To manage CMS (.kdb) keystore certificates, use the GSKIT command line: gsk8capicmd. To run the GSKIT command line, first source the TWA environment from the installation directory, as follows:
On Windows systems
twa_env.cmd
On UNIX systems
./twa_env.sh
To import a certificate, run the following command:
keytool
<keytool> -importkeystore -srckeystore <source keystore> -destkeystore <destination keystore> 
-srcalias <certificate name in source keystore> -destalias <desired name of the certificate in destination keystore> 
-srcstorepass <password of source keystore> -deststorepass <password of destination keystore>
GSKIT
<gskit> -cert -import -db <source keystore> -pw <source keystore password> 
-target <destination keystore> -target_pw <destination keystore password> -label <certificate name>
To add a certificate, run the following command:
keytool
<keytool> -importcert -file <certificate file> -keystore <keystore name>   
-alias <desired certificate name in keystore> -trustcacerts -storepass <keystore password>
GSKIT
<gskit> -cert -add -db <keystore name> -pw <keystore password> 
-file <certificate file> -label <desired certificate name into keystore> -trust enable
To extract a certificate, run the following command:
keytool
<keytool> -exportcert -keystore <keystore name> -alias <name of the certificate> 
-file $<file to extract into> -storepass <keystore password>
GSKIT
<gskit> -cert -extract -db <keystore name> -pw <keystore password> 
-label <certificate name> -file <file to extract the certificate into>
To delete a certificate, run the following command:
keytool
<keytool> -delete -alias <certificate name> -keystore <keystore name> 
-storepass <keystore password>
GSKIT
<gskit> -cert -delete -db <keystore name> -pw <keystore password> 
-label <certificate name>
To rename a certificate, run the following command:
keytool
<keytool> -changealias -keystore <keystore name> -storepass <keystore password> 
-alias <old certificate name> -destalias <new certificate name>
GSKIT
<gskit> -cert -rename -db <keystore name> -pw <keystore password> 
-label <old certificate name> -new_label <new certificate name>
To list a certificate, run the following command:
keytool
<keytool> -list -keystore <keystore name> -storepass <keystore password>
GSKIT
<gskit> -cert -list -db <keystore name> -pw <keystore password>