importcert command

Use the importcert command to import certificates into an IBM® Flex System Manager keystore or truststore.

Synopsis

smcli [-c] [-prompt] [-user user_name] [-pw password] importcert options

smcli importcert [-h | -? | --help]

smcli importcert [-v] -F file_path -t target_store [-V] -a alias_name

Description

The importcert command imports the certificate with the specified alias name and file path into an IBM Flex System Manager keystore or truststore. If alias_name not specified, certificate_serialnumberissuer_name will become the alias_name.

Options

-a | --alias alias_name
Specifies the name of the certificate alias on which to take the action of the command.
-F | --Filepath file_path
Specifies the qualified path and file name of a certificate to import or a certificate name to which to export. When importing, the certificate must be of one of the following two types:
  • Base64-encoded DER certificates, which are enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" in Privacy Enhanced Mail files
  • DER-encoded certificates
-h | -?
Displays the syntax and a brief description of the command.
Tip: If you specify additional options other than -h | -? | --help, the options are ignored.
--help
Displays detailed information about the command, including the syntax, a description of the command, a description of the options and operands, error codes, and examples.
Tips:
  • If you specify additional options other than -h | -? | --help, the options are ignored.
  • You can also display detailed help in the form of man pages using the man command_name command.
-t | --targetstore {key | trust}

Specifies the target store type on which to take action. The available store type values are "key" and "trust".

-V | --Validate
Specifies to only validate the target certificate and not also import it into a store.
-v | --verbose
Writes verbose messages to standard output.

If this option is not specified, this command suppresses noncritical messages.

Exit status

The following codes are returned by this command.
  • 0: The operation completed.
  • 1: A usage error occurred.
  • 2: The command or bundle was not found.
  • 3: The command was not performed because either authentication failed or you are not authorized to perform the action.
  • 52: The certificate import task failed.
  • 58: The keystore or truststore will not import the revoked certificate.
  • 70: Alias already exists in keystore or truststore.

Examples

  1. Import a certificate into a keystore

    This example illustrates how to import the certificate with alias name "cert1" and file path "c:\cert1.cer" into a keystore.

    smcli importcert -a cert1 -F c:\cert1.cer -t key
  2. Import a certificate into a truststore

    This example illustrates how to import the certificate with alias name "cert1" and file path "c:\cert1.cer" into a truststore.

    smcli importcert -a cert1 -F c:\cert1.cer -t trust
  3. Validate a certificate

    This example illustrates how to validate the certificate with file path "c:\cert1.pem" .

    smcli importcert -a cert1 -F c:\cert1.pem -t trust -V