The manage-certificates tool uses the following subcommands to indicate which function to invoke:

Subcommand Function

list-certificates

Lists the certificates in a keystore.

import-certificate

Imports a certificate into a trusted certificate entry or imports a certificate chain and private key into a private key entry.

export-certificate

Exports a certificate from a keystore.

export-private-key

Exports a private key from a keystore.

generate-self-signed-certificate

Generates a self-signed certificate.

generate-certificate-signing-request

Generates a certificate-signing request that can be provided to a certification authority.

sign-certificate-signing-request

Signs a certificate-signing request with a specified issuer certificate.

check-certificate-usability

Checks a specified certificate in a keystore to verify whether it is suitable for use as a listener certificate.

trust-server-certificate

Initiates the TLS-negotiation process with a specified server to obtain its certificate chain so that a truststore can be updated with the necessary information to trust the chain.

display-certificate-file

Displays the contents of a file that contains one or more PEM-encoded or DER-encoded X.509 certificates.

display-certificate-signing-request-file

Displays the contents of a file that contains a PEM-encoded or DER-encoded PKCS #10 certificate-signing request (CSR).

change-certificate-alias

Changes the alias for an entry in a keystore.

change-keystore-password

Changes the password for a keystore.

change-private-key-password

Changes the password that protects the private key for a specified entry in a keystore.