The hcmds64keytool command can do the following:
- Register the certificate in the Common Component truststore by using the JDK keytool utility.
- Verify the certificate registered in the keystore or truststore by using the JDK keytool utility.
- Change the Common Component truststore password by using the JDK keytool utility.
- Deletes the certificate from the Common Component truststore by using the JDK keytool utility.
- Exports the certificate from the Common Component truststore by using the JDK keytool utility.
To register the certificate in the Common Component truststore, the syntax is:
hcmds64keytool -import -alias alias-name -file file-name -keystore file-name -storetype JKS
To verify the certificate registered in the keystore/truststore, the syntax is:
hcmds64keytool -list -v -keystore file-name
To change the Common Component truststore password, the syntax is:
hcmds64keytool -keystore truststore-file-name -storepasswd
To delete the certificate registered in the Common Component truststore, the syntax is:
hcmds64keytool -delete -alias alias-name -keystore file-name
To export the certificate from the Common Component truststore, the syntax is:
hcmds64keytool -export -keystore file-name -alias alias-name -file file-name
You are prompted to enter the following password in interactive mode.
- For registering the certificate:
- If the truststore does not exist: Password of your choice
- If the trustsotre exists: Current truststore password
- For verifying, deleting or exporting the certificate: Current truststore password
- For changing the truststore password: Enter the current truststore password, then enter a new password
where:
- -alias specifies the name (Alias name) for identifying the certificate in the truststore. Alias name that already exists cannot be specified, so either change it to another name or delete it in advance.
- -keystore specifies the truststore file to be registered,
verified, deleted, or exported.
The truststore (ldapcacerts or jssecacerts) file paths are as follows.
jssecacerts
- For Windows:
Common-Component-installation-folder\uCPSB11\hjdk\jdk\lib\security\jssecacerts
- For Linux:
Common-Component-installation-directory/uCPSB11/hjdk/jdk/lib/security/jssecacerts
ldapcacerts
- For Windows:
Common-Component-installation-folder\conf\sec\ldapcacerts
- For Linux:
Common-Component-installation-directory/conf/sec/ldapcacerts
- For Windows:
- -file specifies the input certificate (PEM or DER format). In the case of export, specify the output path of the certificate.
- -storetype JKS specifies JKS as the store type of the truststore.