genkeypair

-genkeypair {-alias alias} {-keyalg keyalg} {-keysize keysize} {-sigalg sigalg} [-dname dname] [-keypass keypass] {-validity valDays} {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerClass provider_class_name {-providerArg provider_arg}} {-v} {-protected} {-Jjavaoption} {-signer alias} [-signerkeypass arg]

Generates a key pair (a public key and associated private key). Wraps the public key into an X.509 v3 self-signed certificate, which is stored as a single-element certificate chain. This certificate chain and the private key are stored in a new keystore entry identified by alias.

dname specifies the X.500 Distinguished Name to be associated with alias, and is used as the issuer and subject fields in the self-signed certificate. If no distinguished name is provided at the command line, the user will be prompted for one.

keyalg specifies the algorithm to be used to generate the key pair, and keysize specifies the size of each key to be generated. sigalg specifies the algorithm that should be used to sign the self-signed certificate; this algorithm must be compatible with keyalg.

keypass is a password used to protect the private key of the generated key pair (except for RACF® keystores). If no password is provided, the user is prompted for it. If you press RETURN at the prompt, the key password is set to the same password as that used for the keystore. keypass must be at least 6 characters long.

-signer alias specifies an existing key pair entry in the keystore for signing the newly generated certificate. The certificate associated with this alias becomes the issuer of the new certificate. This option is part of the changes for service refresh 8 fix pack 55.

-signerkeypass arg specifies the password to access the private key of the signer. This option is part of the changes for service refresh 8 fix pack 55.

valDays specifies the number of days for which the certificate should be considered valid.

This command was named -genkey in previous releases. The old name is still supported in this release and will be supported in future releases, but for clarity the new name, -genkeypair, is preferred going forward.
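
The following wrapper is an added example, not part of the original documentation. It checks that sigalg fits keyalg before building a -genkeypair command line, first for a self-signed entry and then for an entry issued through -signer. The aliases, distinguished names, keystore file name and the RUN switch are constructed for illustration, and the compatibility check covers only the common RSA, DSA and EC pairings.

```shell
#!/bin/sh
# Added example: a checked wrapper around keytool -genkeypair.

# Return 0 when sigalg is compatible with keyalg (for example SHA256withRSA for RSA).
sigalg_matches_keyalg() {
    case "$1:$2" in
        RSA:*withRSA|DSA:*withDSA|EC:*withECDSA) return 0 ;;
        *) return 1 ;;
    esac
}

# genkeypair ALIAS KEYALG KEYSIZE SIGALG DNAME VALDAYS KEYSTORE [SIGNER]
# Prints the keytool argument list, one argument per line.
# With RUN=1 in the environment it also runs keytool with those arguments.
# No -storepass or -keypass is passed: keytool prompts for them, which keeps
# the passwords out of the process list and the shell history.
genkeypair() {
    if ! sigalg_matches_keyalg "$2" "$4"; then
        echo "sigalg $4 is not compatible with keyalg $2" >&2
        return 2
    fi
    signer=${8:-}
    set -- -genkeypair -alias "$1" -keyalg "$2" -keysize "$3" -sigalg "$4" \
           -dname "$5" -validity "$6" -keystore "$7"
    # -signer needs an existing key pair entry in the same keystore
    # (option introduced with service refresh 8 fix pack 55).
    if [ -n "$signer" ]; then set -- "$@" -signer "$signer"; fi
    printf '%s\n' "$@"
    if [ "${RUN:-0}" = 1 ]; then keytool "$@"; fi
}

# Constructed usage: a self-signed issuing entry, then a server entry
# whose certificate is issued by it.
if [ "${RUN:-0}" = 1 ]; then
    genkeypair demo-issuer RSA 3072 SHA256withRSA "CN=Demo Issuer, O=Example" 3650 demo.p12
    genkeypair demo-server RSA 2048 SHA256withRSA "CN=server.example.test, O=Example" 365 demo.p12 demo-issuer
fi
```

Without RUN=1 the script only defines the functions, so genkeypair can be called by hand to inspect the argument list before anything is written to a keystore.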