---
title: Available subcommands
description: The manage-certificates tool uses the following subcommands to indicate which function to invoke:
component: pingdirectory
version: 11.0
page_id: pingdirectory:managing_servers_and_certificates:pd_ds_available_subcommands
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/managing_servers_and_certificates/pd_ds_available_subcommands.html
revdate: August 12, 2024
---

# Available subcommands

The `manage-certificates` tool uses the following subcommands to indicate which function to invoke:

| Subcommand                                 | Function                                                                                                                                                                             |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `list-certificates`                        | Lists the certificates in a keystore.                                                                                                                                                |
| `import-certificate`                       | Imports a certificate into a trusted certificate entry or imports a certificate chain and private key into a private key entry.                                                      |
| `export-certificate`                       | Exports a certificate from a keystore.                                                                                                                                               |
| `export-private-key`                       | Exports a private key from a keystore.                                                                                                                                               |
| `generate-self-signed-certificate`         | Generates a self-signed certificate.                                                                                                                                                 |
| `generate-certificate-signing-request`     | Generates a certificate-signing request that can be provided to a certification authority.                                                                                           |
| `sign-certificate-signing-request`         | Signs a certificate-signing request with a specified issuer certificate.                                                                                                             |
| `check-certificate-usability`              | Checks a specified certificate in a keystore to verify whether it is suitable for use as a listener certificate.                                                                     |
| `trust-server-certificate`                 | Initiates the TLS-negotiation process with a specified server to obtain its certificate chain so that a truststore can be updated with the necessary information to trust the chain. |
| `display-certificate-file`                 | Displays the contents of a file that contains one or more PEM-encoded or DER-encoded X.509 certificates.                                                                             |
| `display-certificate-signing-request-file` | Displays the contents of a file that contains a PEM-encoded or DER-encoded PKCS #10 certificate-signing request (CSR).                                                               |
| `change-certificate-alias`                 | Changes the alias for an entry in a keystore.                                                                                                                                        |
| `change-keystore-password`                 | Changes the password for a keystore.                                                                                                                                                 |
| `change-private-key-password`              | Changes the password that protects the private key for a specified entry in a keystore.                                                                                              |