ThirdPartyCertificateTool commands and examples
Some tasks use a command-line tool named ThirdPartyCertificateTool. The following tables list the options for this command-line tool.
ThirdPartyCertificateTool commands
Command | Description |
---|---|
-c |
Creates a certificate signing request (CSR). |
-i |
Imports a certificate. |
-E |
Exports a certificate. |
Command | Description |
---|---|
-e |
Work with the crypto identity. |
-T |
Work with the truststore (used only with -i and -E). |
Command | Description |
---|---|
-d |
Distinguished name (DN) to use for certificate. |
-r |
CSR or certificate file location (depends on mode). |
-t |
Certificate authority chain file. Can be either PEM, binary PKCS#7 CA certificate chain, or a single DER-format CA certificate. |
-p |
Keystore password. If -p is not included, NoPassWordSet is used as a default password. |
-a |
Key pair algorithm: RSA. RSA is the default value. |
-P |
Creates a CA keystore that includes the certificate authorities that are trusted by the current JRE. |
-N |
Sets the CA truststore to use the NIST SP800-131a standard. |
-R |
Restores non-NIST SP800-131a certificates back to the truststore. |
The sample values from the following table are used:
Property | Value |
---|---|
Encryption certificate DN |
A unique value, formatted as:
|
Keystore password |
The default password: NoPassWordSet This value must match the passwords in IBM® Cognos® Configuration under Signing key store password, Encryption key store password, and Certificate Authority key store password, ensure you use the passwords that you set. . If you change the default values for |
ThirdPartyCertificateTool examples
Example | Command |
---|---|
To create a new crypto keypair and PKCS#10 CSR: |
ThirdPartyCertificateTool.bat -c -e -d cn=Me,o=MyCompany,c=CA -r
crypto.csr -a RSA -p password |
To import the third party CA generated crypto certificate and PKCS#7 CA certificate chain: |
ThirdPartyCertificateTool.bat -i -e -r crypto.cer -p password -t
cacert.p7b |
To import the third party CA generated crypto certificate and PEM CA certificate chain: |
ThirdPartyCertificateTool.bat -i -e -r crypto.cer -p password -t
cacert.pem |
To add ca.cer as a trusted certificate: |
ThirdPartyCertificateTool.bat -i -T -r ca.cer -p password -t
cacert.cer |
To export the crypto certificate to crypto.cer: |
ThirdPartyCertificateTool.bat -E -e -r crypto.cer -p
password |
To export the IBM Cognos CA certificate to ca.cer (when NOT using a third party CA): |
ThirdPartyCertificateTool.bat -E -T -r ca.cer -p
password |
To remove all non-NIST SP800-131a CA certificates, and set CA trust store to NIST SP800-131a standard: | ThirdPartyCertificateTool.bat -N -p password |
To restore JRE non-NIST SP800-131a certificates back to CA trust store: | ThirdPartyCertificateTool.bat -R -p password |