ThirdPartyCertificateTool commands and examples

-c

Creates a certificate signing request (CSR).

-i

Imports a certificate.

-E

Exports a certificate.

-e

Work with the crypto identity.

-T

Work with the truststore (used only with -i and -E).

-d

Distinguished name (DN) to use for certificate.

-r

CSR or certificate file location (depends on mode).

-t

Certificate authority chain file. Can be either PEM, binary PKCS#7 CA certificate chain, or a single DER-format CA certificate.

-p

Keystore password. If -p is not included, NoPassWordSet is used as a default password.

-a

Key pair algorithm: RSA. RSA is the default value.

-P

Creates a CA keystore that includes the certificate authorities that are trusted by the current JRE.

-N

Sets the CA truststore to use the NIST SP800-131a standard.

-R

Restores non-NIST SP800-131a certificates back to the truststore.

Encryption certificate DN

A unique value, formatted as:

CN=EncryptCert,O=MyCompany,C=CA

Keystore password

The default password: NoPassWordSet

This value must match the passwords in IBM® Cognos® Configuration under Security > Cryptography > Cognos. If you change the default values for Signing key store password, Encryption key store password, and Certificate Authority key store password, ensure you use the passwords that you set.

To create a new crypto keypair and PKCS#10 CSR:

To import the third party CA generated crypto certificate and PKCS#7 CA certificate chain:

To import the third party CA generated crypto certificate and PEM CA certificate chain:

To add ca.cer as a trusted certificate:

To export the crypto certificate to crypto.cer:

To export the IBM Cognos CA certificate to ca.cer (when NOT using a third party CA):