CREATE CERTIFICATE (Create a new TLS certificate)
Use this command to create a new self-signed TLS certificate in the server certificate keystore, cert.kdb, and to export the new certificate’s public key to a file in the server instance directory.
Privilege class
To issue this command, you must have system privilege.
Syntax
Parameters
- certificate_label (Required)
-
Specifies the label that is used to identify the certificate in the server certificate keystore. The label is also used to form the name of the exported public key that is stored in the server instance directory by appending the “.arm” suffix to the label.
The label must be enclosed in quotation marks if it contains any blank spaces or equal signs.
- TODate
-
Specifies the date when the new certificate expires. The specified date must be in the future. The default is 3650 days (approximately 10 years) after the date the CREATE CERTIFICATE command is run. You can specify the date by using one of the following values:
Value Description Example MM/DD/YYYY A specific date 12/31/2045 TODAY+days or +days The current date plus the number of days specified. The maximum number of days that you can specify is 9999. TODAY+3650 or +3650 EOLM+days The last day of the previous month plus the specified number of days.
EOLM+365 BOTM+days The first day of the current month plus the number of specified days.
BOTM+365 - DEFault
- Specifies whether to mark the new certificate as the default certificate in the server
certificate keystore. Possible values are:
- No
- Do not mark the certificate as the default. This is the default.
- Yes
- Mark the certificate as the default. If command approval is enabled, additional approvals are required to specify this value. For more information, see SET COMMANDAPPROVAL (Specifies whether command approval is required).
Example: Create a new self-signed TLS certificate with default expiration date
Create a new self-signed TLS certificate. Include the date of creation in the label to differentiate it from the server’s original certificate.
CREATE CERTIFICATE "TSM Server SelfSigned SHA Key – 2023-05-17”
Example: Create a new self-signed TLS certificate that expires at the end of 2024
Create a new self-signed certificate with label CertFor2024
, and specify an expiration
date of December 31, 2024.
CREATE CERTIFICATE “CertFor2024” todate=12/31/2024
Related commands
Command | Description |
---|---|
SET DEFAULTTLSCERT | Mark a TLS certificate as the default |
SET COMMANDAPPROVAL | Specifies whether command approval is required. |