---
title: Available subcommands
description: The manage-certificates tool uses subcommands to indicate which function you want to invoke.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_security_guide:pd_sec_available_subcommands
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_security_guide/pd_sec_available_subcommands.html
revdate: September 13, 2023
---

# Available subcommands

The `manage-certificates` tool uses subcommands to indicate which function you want to invoke.

The subcommands that it offers include the following.

| Subcommand                                 | Description                                                                                                                                                        |
| ------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `list-certificates`                        | Lists the certificates in a key store.                                                                                                                             |
| `import-certificate`                       | Imports a certificate into a trusted certificate entry, or imports a certificate chain and private key into a private key entry.                                   |
| `export-certificate`                       | Exports a certificate from a key store.                                                                                                                            |
| `export-private-key`                       | Exports a private key from a key store.                                                                                                                            |
| `generate-self-signed-certificate`         | Generates a self-signed certificate.                                                                                                                               |
| `generate-certificate-signing-request`     | Generates a certificate signing request that can be provided to a certification authority.                                                                         |
| `sign-certificate-signing-request`         | Signs a certificate signing request with a specified issuer certificate.                                                                                           |
| `check-certificate-usability`              | Checks a specified certificate in a key store to verify whether it is suitable for use as a listener certificate.                                                  |
| `trust-server-certificate`                 | Initiates the TLS negotiation process with a specified server to obtain its certificate chain to update a trust store with information needed to trust that chain. |
| `display-certificate-file`                 | Displays the contents of a file containing one or more PEM-encoded or DER-encoded X.509 certificates.                                                              |
| `display-certificate-signing-request-file` | Displays the contents of a file containing a PEM-encoded or DER-encoded PKCS #10 certificate signing request (CSR).                                                |
| `change-certificate-alias`                 | Changes the alias for an entry in a key store.                                                                                                                     |
| `change-keystore-password`                 | Changes the password for a key store.                                                                                                                              |
| `change-private-key-password`              | Changes the password used to protect the private key for a specified entry in a key store.                                                                         |