Commands for CMS or PKCS #12 key databases on AIX®, Linux®, and Windows
Use the runmqckm and runmqakm commands to manage keys and certificates for a CMS key database or PKCS #12 key database.
The digital signature algorithm names SHA3WithRSA and SHA5WithRSA are deprecated because they are an abbreviated form of SHA384WithRSA and SHA512WithRSA respectively.
- -keydb -changepw
- Change the password for a key database:
Using the runmqckm command:
-keydb -changepw -db filename -pw password -new_pw new_password -expire days
Using the runmqakm command:
-keydb -changepw -db filename -pw password -new_pw new_password -expire days -fips -strong
- -keydb -convert
- For the runmqckm command, convert the key database from one format to another:
-keydb -convert -db filename -pw password -old_format cms | pkcs12 -new_format cms
Using the runmqakm command, convert an old version CMS key database to the new version CMS key database:
-keydb -convert -db filename -pw password -new_db filename -new_pw password -strong -fips
- -keydb -create
- Create a key database:
Using the runmqckm command:
-keydb -create -db filename -pw password -type cms | pkcs12
Using the runmqakm command:
-keydb -create -db filename -pw password -type cms -fips -strong
- -keydb -delete
- Delete a key database:
Using either command:
-keydb -delete -db filename -pw password
- -keydb -list
- List currently-supported types of key database:
Using the runmqckm command:
-keydb -list
Using the runmqakm command:
-keydb -list -fips
- -cert -add
- Add a certificate from a file into a key database:
Using the runmqckm command:
-cert -add -db filename -pw password -label label -file filename -format ascii | binary
Using the runmqakm command:
-cert -add -db filename -pw password -label label -file filename -format ascii | binary -fips
- -cert -create
- Create a self-signed certificate:
Using the runmqckm command:
-cert -create -db filename -pw password -label label -dn distinguished_name -size 1024 | 512 -x509version 3 | 1 | 2 -expire days -sig_alg MD2_WITH_RSA | MD2WithRSA | MD5_WITH_RSA | MD5WithRSA | SHA1WithDSA | SHA1WithRSA | SHA256_WITH_RSA | SHA256WithRSA | SHA2WithRSA | SHA384_WITH_RSA | SHA384WithRSA | SHA512_WITH_RSA | SHA512WithRSA | SHA_WITH_DSA | SHA_WITH_RSA | SHAWithDSA | SHAWithRSA
Using the runmqakm command:
-cert -create -db filename -pw password -label label -dn distinguished_name -size 2048 | 1024 | 512 -x509version 3 | 1 | 2 -expire days -fips -sig_alg md5 | MD5_WITH_RSA | SHA_WITH_DSA | SHA_WITH_RSA | sha1 | SHA1WithDSA | SHA1WithECDSA | SHA1WithRSA | sha224 | SHA224_WITH_RSA | SHA224WithDSA | SHA224WithECDSA | SHA224WithRSA | sha256 | SHA256_WITH_RSA | SHA256WithDSA | SHA256WithECDSA | SHA256WithRSA | SHA2WithRSA | sha384 | SHA384_WITH_RSA | SHA384WithECDSA | SHA384WithRSA | sha512 | SHA512_WITH_RSA | SHA512WithECDSA | SHA512WithRSA | SHAWithDSA | SHAWithRSA | EC_ecdsa_with_SHA1 | EC_ecdsa_with_SHA224 | EC_ecdsa_with_SHA256 | EC_ecdsa_with_SHA384 | EC_ecdsa_with_SHA512
- -cert -delete
- Delete a certificate:
Using the runmqckm command:
-cert -delete -db filename -pw password -label label
Using the runmqakm command:
-cert -delete -db filename -pw password -label label -fips
- -cert -details
- List the detailed information for a specific certificate:
Using the runmqckm command:
-cert -details -db filename -pw password -label label
Using the runmqakm command:
-cert -details -db filename -pw password -label label -fips
- -cert -export
- Export a personal certificate and its associated private key from a key database into a PKCS #12 file, or to another key database:
Using the runmqckm command:
-cert -export -db filename -pw password -label label -type cms | pkcs12 -target filename -target_pw password -target_type cms | pkcs12
Using the runmqakm command:
-cert -export -db filename -pw password -label label -type cms | pkcs12 -target filename -target_pw password -target_type cms | pkcs12 -encryption strong | weak -fips
- -cert -extract
- Extract a certificate from a key database:
Using the runmqckm command:
-cert -extract -db filename -pw password -label label -target filename -format ascii | binary
Using the runmqakm command:
-cert -extract -db filename -pw password -label label -target filename -format ascii | binary -fips
- -cert -import
- Import a personal certificate from a key database:
Using the runmqckm command:
-cert -import -file filename -pw password -type pkcs12 -target filename -target_pw password -target_type cms -label label
Using the runmqakm command:
-cert -import -file filename -pw password -type cms -target filename -target_pw password -target_type cms -label label -fips
For both these commands:
- The -label option is required and specifies the label of the certificate that is to be imported from the source key database.
- Additionally, you can use the -new_label option. This allows the imported certificate to be given a different label in the target key database from the label in the source database.
- -cert -list
- List all certificates in a key database:
Using the runmqckm command:
-cert -list all | personal | CA -db filename -pw password
Using the runmqakm command:
-cert -list all | personal | CA -db filename -pw password -fips
- -cert -receive
- Receive a certificate from a file:
Using the runmqckm command:
-cert -receive -file filename -db filename -pw password -format ascii | binary -default_cert yes | no
Using the runmqakm command:
-cert -receive -file filename -db filename -pw password -format ascii | binary -default_cert yes | no -fips
- -cert -sign
- Sign a certificate:
Using the runmqckm command:
-cert -sign -db filename -file filename -pw password -label label -target filename -format ascii | binary -expire days -sig_alg MD2_WITH_RSA | MD2WithRSA | MD5_WITH_RSA | MD5WithRSA | SHA1WithDSA | SHA1WithRSA | SHA256_WITH_RSA | SHA256WithRSA | SHA2WithRSA | SHA384_WITH_RSA | SHA384WithRSA | SHA512_WITH_RSA | SHA512WithRSA | SHA_WITH_DSA | SHA_WITH_RSA | SHAWithDSA | SHAWithRSA
Using the runmqakm command:
-cert -sign -db filename -file filename -pw password -label label -target filename -format ascii | binary -expire days -fips -sig_alg md5 | MD5_WITH_RSA | SHA_WITH_DSA | SHA_WITH_RSA | sha1 | SHA1WithDSA | SHA1WithECDSA | SHA1WithRSA | sha224 | SHA224_WITH_RSA | SHA224WithDSA | SHA224WithECDSA | SHA224WithRSA | sha256 | SHA256_WITH_RSA | SHA256WithDSA | SHA256WithECDSA | SHA256WithRSA | SHA2WithRSA | sha384 | SHA384_WITH_RSA | SHA384WithECDSA | SHA384WithRSA | sha512 | SHA512_WITH_RSA | SHA512WithECDSA | SHA512WithRSA | SHAWithDSA | SHAWithRSA | EC_ecdsa_with_SHA1 | EC_ecdsa_with_SHA224 | EC_ecdsa_with_SHA256 | EC_ecdsa_with_SHA384 | EC_ecdsa_with_SHA512
- -certreq -create
- Create a certificate request:
Using the runmqckm command:
-certreq -create -db filename -pw password -label label -dn distinguished_name -size 1024 | 512 -file filename -sig_alg MD2_WITH_RSA | MD2WithRSA | MD5_WITH_RSA | MD5WithRSA | SHA1WithDSA | SHA1WithRSA | SHA256_WITH_RSA | SHA256WithRSA | SHA2WithRSA | SHA384_WITH_RSA | SHA384WithRSA | SHA512_WITH_RSA | SHA512WithRSA | SHA_WITH_DSA | SHA_WITH_RSA | SHAWithDSA | SHAWithRSA
Using the runmqakm command:
-certreq -create -db filename -pw password -label label -dn distinguished_name -size 2048 | 1024 | 512 -file filename -fips -sig_alg md5 | MD5_WITH_RSA | SHA_WITH_DSA | SHA_WITH_RSA | sha1 | SHA1WithDSA | SHA1WithECDSA | SHA1WithRSA | sha224 | SHA224_WITH_RSA | SHA224WithDSA | SHA224WithECDSA | SHA224WithRSA | sha256 | SHA256_WITH_RSA | SHA256WithDSA | SHA256WithECDSA | SHA256WithRSA | SHA2WithRSA | sha384 | SHA384_WITH_RSA | SHA384WithECDSA | SHA384WithRSA | sha512 | SHA512_WITH_RSA | SHA512WithECDSA | SHA512WithRSA | SHAWithDSA | SHAWithRSA | EC_ecdsa_with_SHA1 | EC_ecdsa_with_SHA224 | EC_ecdsa_with_SHA256 | EC_ecdsa_with_SHA384 | EC_ecdsa_with_SHA512
- -certreq -delete
- Delete a certificate request:
Using the runmqckm command:
-certreq -delete -db filename -pw password -label label
Using the runmqakm command:
-certreq -delete -db filename -pw password -label label -fips
- -certreq -details
- List the detailed information of a specific certificate request:
Using the runmqckm command:
-certreq -details -db filename -pw password -label label
Using the runmqakm command:
-certreq -details -db filename -pw password -label label -fips
List the detailed information about a certificate request and show the full certificate request:
Using the runmqckm command:
-certreq -details -showOID -db filename -pw password -label label
Using the runmqakm command:
-certreq -details -showOID -db filename -pw password -label label -fips
- -certreq -extract
- Extract a certificate request from a certificate request database into a file:
For the runmqckm command:
-certreq -extract -db filename -pw password -label label -target filename
Using the runmqakm command:
-certreq -extract -db filename -pw password -label label -target filename -fips
- -certreq -list
- List all certificate requests in the certificate request database:
Using the runmqckm command:
-certreq -list -db filename -pw password
Using the runmqakm command:
-certreq -list -db filename -pw password -fips
- -certreq -recreate
- Re-create a certificate request:
Using the runmqckm command:
-certreq -recreate -db filename -pw password -label label -target filename
Using the runmqakm command:
-certreq -recreate -db filename -pw password -label label -target filename -fips
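
An added example, not part of the IBM documentation: a POSIX shell function that checks a runmqckm or runmqakm argument list against the -sig_alg, -size and -encryption values listed above. It flags the deprecated SHA3WithRSA and SHA5WithRSA names, MD2, MD5 and SHA-1 digests, key sizes under 2048 and weak export encryption. The function name, the finding strings, the treatment of the SHA_WITH_* and SHAWith* names as SHA-1 aliases, and the reading of -size as a curve size for ECDSA algorithms are assumptions.

```sh
#!/bin/sh
# Added example: lint the options of one runmqckm/runmqakm invocation.
# Prints one finding per line; prints nothing when no weak choice is found.
# The body runs in a subshell so its variables stay local to the call.
audit_mqkey_args() (
  prev="" sig="" size="" enc=""
  for arg in "$@"; do
    case "$prev" in
      -sig_alg)    sig=$arg ;;
      -size)       size=$arg ;;
      -encryption) enc=$arg ;;
    esac
    prev=$arg
  done

  case "$sig" in
    # Abbreviated names the page marks as deprecated.
    SHA3WithRSA|SHA5WithRSA) echo "deprecated-name:$sig" ;;
    MD2*|md5|MD5*)           echo "weak-digest:$sig" ;;
    # Assumption: SHA_WITH_* and SHAWith* are aliases for SHA-1.
    sha1|SHA1*|EC_ecdsa_with_SHA1|SHA_WITH_*|SHAWith*)
                             echo "weak-digest:$sig" ;;
  esac

  case "$sig" in
    # Assumption: with an ECDSA algorithm, -size is a curve size, so a
    # value such as 512 is not a short RSA/DSA modulus.
    *ECDSA*|EC_ecdsa_*) ;;
    *)
      case "$size" in
        ''|*[!0-9]*) ;;   # -size absent or not a number: nothing to check
        *) if [ "$size" -lt 2048 ]; then echo "weak-key-size:$size"; fi ;;
      esac ;;
  esac

  if [ "$enc" = weak ]; then echo "weak-export-encryption"; fi
)

# Constructed sample invocation (file names, label and DN are placeholders).
audit_mqkey_args -certreq -create -db key.kdb -pw password -label ibmmq \
  -dn "CN=QM1" -size 1024 -file qm1.csr -sig_alg SHA1WithRSA
```

Pass the function the same arguments you intend to give runmqckm or runmqakm; empty output means none of the listed weak choices were found.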