Common manage-certificates arguments
Most of the manage-certificates
subcommands require access to a Java KeyStore (JKS) or PKCS #12 keystore. In such instances, use the --keystore
argument to specify the path to the keystore.
If the keystore already exists, the tool detects automatically whether it is a JKS or PKCS #12 keystore. If the operation creates a new keystore, you can specify the type explicitly by using the --keystore-type
argument, followed by a value of JKS
or PKCS12
. If you do not specify the keystore type, a default value of JKS
is used.
Some situations require you to provide the password that is needed to access the keystore. For a JKS keystore, you might need to provide a keystore password only for operations that involve creating a keystore or accessing a private key. However, you will likely need to provide the password for all operations that involve a PKCS #12 keystore.
To provide a keystore password, use one of the following arguments:
-
--keystore-password
, followed by the clear-text password for the keystore. -
--keystore-password-file
, followed by the path to a file that contains the password for the keystore. The file might contain the password in the clear, or it might be encrypted with a definition from the server’s encryption-settings database. -
--prompt-for-keystore-password
. If this argument is provided, the tool prompts you interactively to provide the password.
If a private key is protected with a different password than the keystore itself, specify one of the following arguments to provide the private key password:
-
--private-key-password
, followed by the plaintext password. -
--private-key-password-file
, followed by the path to a file that contains the clear-text or encrypted password. -
--prompt-for-private-key-password
, which causes the tool to prompt interactively for the password.
Several operations require you to specify the keystore entry to target. In such scenarios, provide the --alias
argument, followed by the name of the alias for that entry.