The manage-certificates tool uses the following subcommands to indicate which function to invoke:
Subcommand | Function |
---|---|
list-certificates |
Lists the certificates in a keystore. |
import-certificate |
Imports a certificate into a trusted certificate entry or imports a certificate chain and private key into a private key entry. |
export-certificate |
Exports a certificate from a keystore. |
export-private-key |
Exports a private key from a keystore. |
generate-self-signed-certificate |
Generates a self-signed certificate. |
generate-certificate-signing-request |
Generates a certificate-signing request that can be provided to a certification authority. |
sign-certificate-signing-request |
Signs a certificate-signing request with a specified issuer certificate. |
check-certificate-usability |
Checks a specified certificate in a keystore to verify whether it is suitable for use as a listener certificate. |
trust-server-certificate |
Initiates the TLS-negotiation process with a specified server to obtain its certificate chain so that a truststore can be updated with the necessary information to trust the chain. |
display-certificate-file |
Displays the contents of a file that contains one or more PEM-encoded or DER-encoded X.509 certificates. |
display-certificate-signing-request-file |
Displays the contents of a file that contains a PEM-encoded or DER-encoded PKCS #10 certificate-signing request (CSR). |
change-certificate-alias |
Changes the alias for an entry in a keystore. |
change-keystore-password |
Changes the password for a keystore. |
change-private-key-password |
Changes the password that protects the private key for a specified entry in a keystore. |