createCertificate

Purpose

Use this command to create a certificate. To create a certificate for:
  • A security officer, specify the activation secrets (that is, the authentication code and reference number) provided by SWIFT.
  • For someone other than a security officer, specify the activation secrets of the SO who set up the user for certification.

You must issue this command on each SAG where you want to use the new SWIFTNet user.

Note: This command can take a few minutes to process. To ensure that you receive the result, use the .set command to set the timeout interval to a higher value. For example, to set the timeout interval to 300 seconds, enter: 
INST1.DNFSYSOU.DNFSAGCFG>.set -to 300000
For more information about setting the timeout interval, see Setting environment variables for the CLI.
Required access rights: See Table 4
Predefined roles that provide required access rights: See Table 2
Issue for OU: DNFSYSOU
Issue to service: DNFSAGCFG

Format

Read syntax diagramSkip visual syntax diagramcreateCertificatecct-sagsag-authcodeauthcode-refcoderefcode-namefilename-certlocationFileHardware-passwordpassword

Parameters

-sag sag
Name of the SAG.
-authcode authcode
Authorization code that is returned by the SAG configuration command setupUserForCert.
-refcode refcode
Reference number that is returned by the SAG configuration command setupUserForCert.
-name filename
Name of the file that contains the certificate. When creating a certificate for a security officer, it is recommended that you specify the user name of the security officer, that is, the value of the 'cn=' portion of the DN of the security officer.
-certlocation
Where the file for the certificate is located:
File
Stored in a file on the SAG
Hardware
Stored in a key card or HSM
-password password
The password of the certificate. You must follow the rules for application passwords of SWIFT certificates, for example, the password must contain from 17 to 20 characters and cannot contain part of the file name.

Examples

The following command creates a certificate on the SAG SAG1 and stores it in the local file cert1. This certificate is protected by the password a2s7d7f9g8hw0q9xc3. 
INST1.DNFSYSOU.DNFSAGCFG>cct -sag SAG1
                  -authcode 7HGU-GFZT-0UHG
                  -refcode 0123456
                  -name cert1
                  -password a2s7d7f9g8hw0q9xc3
The following example, entered on a single line, assumes that the security officer received the activation secrets from SWIFT. These include the authorization code 7DWK-AMWT-8WKB and the reference number 00528013. The certificate is protected with the password x9k8j7h6g5f4d3s2a. 
INST1.DNFSYSOU.DNFSAGCFG>cct -sag SAG1
                  -name sec-officer
                  -authcode 7DWK-AMWT-8WKB
                  -refcode 00528013
                  -password x9k8j7h6g5f4d3s2a
                  -certlocation Hardware