Page created: 4 Feb 2020 |
Page updated: 22 Jul 2020
The manage-certificates tool uses the following subcommands to indicate which function to invoke:
- list-certificates – Lists the certificates in a keystore.
- import-certificate – Imports a certificate into a trusted certificate entry, or imports a certificate chain and private key into a private key entry.
- export-certificate – Exports a certificate from a keystore.
- export-private-key – Exports a private key from a keystore.
- generate-self-signed-certificate – Generates a self-signed certificate.
- generate-certificate-signing-request – Generates a certificate-signing request that can be provided to a certification authority.
- sign-certificate-signing-request – Signs a certificate-signing request with a specified issuer certificate.
- check-certificate-usability – Checks a specified certificate in a keystore to verify whether it is suitable for use as a listener certificate.
- trust-server-certificate – Initiates the TLS-negotiation process with a specified server to obtain its certificate chain, so that a truststore can be updated with the necessary information to trust the chain.
- display-certificate-file – Displays the contents of a file that contains one or more PEM-encoded or DER-encoded X.509 certificates.
- display-certificate-signing-request-file – Displays the contents of a file that contains a PEM-encoded or DER-encoded PKCS #10 certificate-signing request (CSR).
- change-certificate-alias – Changes the alias for an entry in a keystore.
- change-keystore-password – Changes the password for a keystore.
- change-private-key-password – Changes the password that protects the private key for a specified entry in a keystore.