Certificate System Java Command Line Utilities Command Line Utility Purpose ============================================================================== AtoB A command line utility utilized to convert an ASCII BASE 64 blob into a BINARY BASE 64 blob. AuditVerify A command line utility utilized to verify signatures in signed audit log files. BtoA A command line utility utilized to convert a BINARY BASE 64 blob into an ASCII BASE 64 blob. CMCEnroll A command line utility used to sign a certificate enrollment request with an agent's certificate. CMCRequest A command line utility used to construct a Certificate Management Messages over CMS (CMC) request. CMCResponse A command line utility used to parse a CMC response. CMCRevoke A command line utility used to sign a revocation request with an agent's certificate. CRMFPopClient A command line utility used to generate CRMF requests with proof of possession (POP). DRMTool -drmtool_config_file A command line utility used to change the storage key used -source_ldif_file to wrap the symmetric key which is used to encrypt the -target_ldif_file user's private key. Optionally, this utility -log_file may also be used to re-index IDs associated with the various [-source_pki_security_database_path records which may be useful for DRM consolidation. -source_storage_token_name '' -source_storage_certificate_nickname '' -target_storage_certificate_file [-source_pki_security_database_pwdfile ]] [-append_id_offset || -remove_id_offset ] [-source_drm_naming_context ] [-target_drm_naming_context ] [-process_requests_and_key_records_only] ExtJoiner . . . A command line utility utilized to join a sequence of extensions together so that the final output can be used in the configuration wizard for specifying extra extensions in default certificates (i. e. - CA certificate, SSL certificate). GenExtKeyUsage [true|false] A command line utility utilized . . . to generate a DER-encoded Extended Key Usage extension. The first parameter is the criticality of the extension, true or false. The OIDs to be included in the extension are passed as command-line arguments. The OIDs are described in RFC 2459. For example, the OID for code signing is 1.3.6.1.5.5.7.3.3. GenIssuerAltNameExt A command line utility utilized to generate an issuer . . . alternative name extension in base-64 encoding. The encoding output can be used with the configuration wizard, where: can be one of the following strings: DNSName EDIPartyName IPAddressName URIName RFC822Name OIDName X500Name is a string GenSubjectAltNameExt A command line utility utilized to generate a subject . . . alternative name extension in base-64 encoding. The encoding output can be used with the configuration wizard, where: can be one of the following strings: DNSName EDIPartyName IPAddressName URIName RFC822Name OIDName X500Name is a string HttpClient A command line utility used to communicate with any http/https server. OCSPClient A command line utility that verifies certificate status by submitting Online Certificate Status Protocol (OCSP) requests to an instance of an OCSP subsystem. PKCS10Client A command line utility that generates a Public Key Cryptography Standards (PKCS) #10 enrollment request. PKCS12Export A command line utility utilized to create PKCS12 file. PrettyPrintCert [output file] A command line utility utilized to print the contents of a certificate stored as an ASCII BASE 64 encoded blob in a user-friendly manner. PrettyPrintCrl [output file] A command line utility utilized to print the contents of a Certificate Revocation List (CRL) stored as an ASCII BASE 64 encoded blob in a user-friendly manner. TokenInfo A command line utility utilized to display all external HSMs visible to JSS.