Command Reference

List of commands for managing certificates

This reference section lists the commands necessary for managing certificates.

To manage certificates in JKS keystores, use the Java keytool command line:

installation_directory/JavaExt/jre/bin/keytool

To manage CMS (.kdb) keystore certificates, use the GSKIT command line: gsk8capicmd. To run the GSKIT command line, first source the TWA environment from the installation directory, as follows:

On Windows systems: twa_env.cmd
On UNIX systems: ./twa_env.sh

To import a certificate, run the following command:

keytool

<keytool> -importkeystore -srckeystore <source_keystore> -destkeystore <destination_keystore> 
-srcalias <certificate_name_in_source_keystore> -destalias <desired_name_of_the_certificate_in_destination_keystore> 
-srcstorepass <password_of_source_keystore> -deststorepass <password_of_destination_keystore>

GSKIT

<gskit> -cert -import -db <source_keystore> -pw <source_keystore_password> 
-target <destination_keystore> -target_pw <destination_keystore_password> -label <certificate_name>

To add a certificate, run the following command:

keytool

<keytool> -importcert -file <certificate_file> -keystore <keystore_name>   
-alias <desired_certificate_name_in_keystore> -trustcacerts -storepass <keystore_password>

GSKIT

<gskit> -cert -add -db <keystore_name> -pw <keystore_password> 
-file <certificate_file> -label <desired_certificate_name_into_keystore> -trust enable

To extract a certificate, run the following command:

keytool

<keytool> -exportcert -keystore <keystore_name> -alias <name_of_the_certificate> 
-file $<file_to_extract_into> -storepass <keystore_password>

GSKIT

<gskit> -cert -extract -db <keystore_name> -pw <keystore_password> 
-label <certificate_name> -file <file_to_extract_the_certificate_into>

To delete a certificate, run the following command:

keytool

<keytool> -delete -alias <certificate_name> -keystore <keystore_name> 
-storepass <keystore_password>

GSKIT

<gskit> -cert -delete -db <keystore_name> -pw <keystore_password> 
-label <certificate_name>

To rename a certificate, run the following command:

keytool

<keytool> -changealias -keystore <keystore_name> -storepass <keystore_password> 
-alias <old_certificate_name> -destalias <new_certificate_name>

GSKIT

<gskit> -cert -rename -db <keystore_name> -pw <keystore_password> 
-label <old_certificate_name> -new_label <new_certificate_name>

To list a certificate, run the following command:

keytool

<keytool> -list -keystore <keystore_name> -storepass <keystore_password>

GSKIT

<gskit> -cert -list -db <keystore_name> -pw <keystore_password>