Certificate System
Java Command Line Utilities
Command Line Utility Purpose
==============================================================================
AtoB A command line utility utilized
to convert an ASCII BASE 64
blob into a BINARY BASE 64 blob.
AuditVerify A command line utility utilized
to verify signatures in signed
audit log files.
BtoA A command line utility utilized
to convert a BINARY BASE 64
blob into an ASCII BASE 64 blob.
CMCEnroll A command line utility used to
sign a certificate enrollment
request with an agent's
certificate.
CMCRequest A command line utility used to
construct a Certificate
Management Messages over
CMS (CMC) request.
CMCResponse A command line utility used to
parse a CMC response.
CMCRevoke A command line utility used to
sign a revocation request with
an agent's certificate.
CRMFPopClient A command line utility used to
generate CRMF requests with
proof of possession (POP).
DRMTool -drmtool_config_file A command line utility used to
change the storage key used
-source_ldif_file to wrap the symmetric key
which is used to encrypt the
-target_ldif_file user's private key.
Optionally, this utility
-log_file may also be used to re-index IDs
associated with the various
[-source_pki_security_database_path records which may be useful
for DRM consolidation.
-source_storage_token_name
''
-source_storage_certificate_nickname
''
-target_storage_certificate_file
[-source_pki_security_database_pwdfile
]]
[-append_id_offset
||
-remove_id_offset
]
[-source_drm_naming_context
]
[-target_drm_naming_context
]
[-process_requests_and_key_records_only]
ExtJoiner . . . A command line utility utilized
to join a sequence of extensions
together so that the final
output can be used in the
configuration wizard for
specifying extra extensions
in default certificates
(i. e. - CA certificate,
SSL certificate).
GenExtKeyUsage [true|false] A command line utility utilized
. . . to generate a DER-encoded
Extended Key Usage extension.
The first parameter is the
criticality of the extension,
true or false. The OIDs to be
included in the extension are
passed as command-line
arguments. The OIDs are
described in RFC 2459. For
example, the OID for code
signing is 1.3.6.1.5.5.7.3.3.
GenIssuerAltNameExt A command line utility utilized
to generate an issuer
. . . alternative name extension in
base-64 encoding. The encoding
output can be used with the
configuration wizard, where:
can be one
of the following strings:
DNSName
EDIPartyName
IPAddressName
URIName
RFC822Name
OIDName
X500Name
is a string
GenSubjectAltNameExt A command line utility utilized
to generate a subject
. . . alternative name extension in
base-64 encoding. The encoding
output can be used with the
configuration wizard, where:
can be one
of the following strings:
DNSName
EDIPartyName
IPAddressName
URIName
RFC822Name
OIDName
X500Name
is a string
HttpClient A command line utility used
to communicate with any
http/https server.
OCSPClient A command line utility that
verifies certificate status by
submitting Online Certificate
Status Protocol (OCSP) requests
to an instance of an OCSP
subsystem.
PKCS10Client A command line utility that
generates a Public Key
Cryptography Standards
(PKCS) #10 enrollment
request.
PKCS12Export A command line utility utilized
to create PKCS12 file.
PrettyPrintCert [output file] A command line utility utilized
to print the contents of a
certificate stored as an ASCII
BASE 64 encoded blob in a
user-friendly manner.
PrettyPrintCrl [output file] A command line utility utilized
to print the contents of a
Certificate Revocation List
(CRL) stored as an ASCII
BASE 64 encoded blob in a
user-friendly manner.
TokenInfo A command line utility utilized
to display all external HSMs
visible to JSS.