The manage-certificates tool uses subcommands to indicate which function you want to invoke.
The subcommands that it offers include the following.
| Subcommand | Description |
|---|---|
|
list-certificates |
Lists the certificates in a key store. |
|
import-certificate |
Imports a certificate into a trusted certificate entry, or imports a certificate chain and private key into a private key entry. |
|
export-certificate |
Exports a certificate from a key store. |
|
export-private-key |
Exports a private key from a key store. |
|
generate-self-signed-certificate |
Generates a self-signed certificate. |
|
generate-certificate-signing-request |
Generates a certificate signing request that can be provided to a certification authority. |
|
sign-certificate-signing-request |
Signs a certificate signing request with a specified issuer certificate. |
|
check-certificate-usability |
Checks a specified certificate in a key store to verify whether it is suitable for use as a listener certificate. |
|
trust-server-certificate |
Initiates the TLS negotiation process with a specified server to obtain its certificate chain to update a trust store with information needed to trust that chain. |
|
display-certificate-file |
Displays the contents of a file containing one or more PEM-encoded or DER-encoded X.509 certificates. |
|
display-certificate-signing-request-file |
Displays the contents of a file containing a PEM-encoded or DER-encoded PKCS #10 certificate signing request (CSR). |
|
change-certificate-alias |
Changes the alias for an entry in a key store. |
|
change-keystore-password |
Changes the password for a key store. |
|
change-private-key-password |
Changes the password used to protect the private key for a specified entry in a key store. |