Command Reference
List of commands for managing certificates
This reference section lists the commands necessary for managing certificates.
To manage certificates in JKS keystores, use the Java keytool command
line:
installation_directory/JavaExt/jre/bin/keytool
To manage CMS (.kdb) keystore certificates, use the GSKIT command line:
gsk8capicmd. To run the GSKIT command line, first source the TWA environment from the
installation directory, as follows:
- On Windows systems
- twa_env.cmd
- On UNIX systems
- ./twa_env.sh
To import a certificate, run the following command:
- keytool
-
<keytool> -importkeystore -srckeystore <source_keystore> -destkeystore <destination_keystore> -srcalias <certificate_name_in_source_keystore> -destalias <desired_name_of_the_certificate_in_destination_keystore> -srcstorepass <password_of_source_keystore> -deststorepass <password_of_destination_keystore>
- GSKIT
-
<gskit> -cert -import -db <source_keystore> -pw <source_keystore_password> -target <destination_keystore> -target_pw <destination_keystore_password> -label <certificate_name>
To add a certificate, run the following command:
- keytool
-
<keytool> -importcert -file <certificate_file> -keystore <keystore_name> -alias <desired_certificate_name_in_keystore> -trustcacerts -storepass <keystore_password>
- GSKIT
-
<gskit> -cert -add -db <keystore_name> -pw <keystore_password> -file <certificate_file> -label <desired_certificate_name_into_keystore> -trust enable
To extract a certificate, run the following command:
- keytool
-
<keytool> -exportcert -keystore <keystore_name> -alias <name_of_the_certificate> -file $<file_to_extract_into> -storepass <keystore_password>
- GSKIT
-
<gskit> -cert -extract -db <keystore_name> -pw <keystore_password> -label <certificate_name> -file <file_to_extract_the_certificate_into>
To delete a certificate, run the following command:
- keytool
-
<keytool> -delete -alias <certificate_name> -keystore <keystore_name> -storepass <keystore_password>
- GSKIT
-
<gskit> -cert -delete -db <keystore_name> -pw <keystore_password> -label <certificate_name>
To rename a certificate, run the following command:
- keytool
-
<keytool> -changealias -keystore <keystore_name> -storepass <keystore_password> -alias <old_certificate_name> -destalias <new_certificate_name>
- GSKIT
-
<gskit> -cert -rename -db <keystore_name> -pw <keystore_password> -label <old_certificate_name> -new_label <new_certificate_name>
To list a certificate, run the following command:
- keytool
-
<keytool> -list -keystore <keystore_name> -storepass <keystore_password>
- GSKIT
-
<gskit> -cert -list -db <keystore_name> -pw <keystore_password>