5.5.6.1.3: The MakeCertTool tool

This command generates a certificate.

Syntax:

java com.ibm.cfwk.tools.MakeCertTool [--serial U_serial]
[--from U_fromdate]
[[--to U_todate] | [--for U_for]]
[--issuer U_X500Name]
[--subject U_X500Name]
[--sign-alg U_signalg]
[--sign-key U_keyfile]
[--subject-key U_keyfile]
[--cert-file U_certfile]

Arguments:

--serial U_serial
A serial number to be placed in a certificate, to uniquely identify the certificate
--from U_fromdate
The start date for the certificate, in the format dd/mm/yyyy
--to U_todate
The expiration date for the certificate, in the format dd/mm/yyyy
--for U_for
The lifetime of the certificate, in the format n d, where n is an integer and d stands for "days"
--issuer U_X500Name
The distinguished name of the issuer, in valid X.500 format
--subject U_X500Name
The distinguished name of the owner, in valid X.500 format
--sign-alg U_signalg
The signature algorithm, either "MD5 with RSA" or "SHA1 with RSA"
--sign-key U_keyfile
The file containing the issuer's public key
--subject-key U_keyfile
The file containing the owner's public key
--cert-file U_certfile
The file to hold the generated certificate

Examples:

java com.ibm.cfwk.tools.MakeCertTool --serial 0 --for 2y
--issuer "cn=WebAS Test CA, OU=SWG, O=IBM, c=US"
--sign-alg "MD5 with RSA"
--sign-key d:\projects\websphere\keyrings\WebAS.TestCA.key
--cert-file d:\projects\websphere\keyrings\WebAS.TestCA.cert

Creating certificate...

The example above creates a self-signed certificate for TestCA. It uses the MD5 digest function and TestCA's public key to sign the certificate. (Since the subject and the issuer are the same, the certificate is "self-signed.") The resulting certificate is stored in a file called WebAS.TestCA.cert.

java com.ibm.cfwk.tools.MakeCertTool --serial 0 --for 2y
--issuer "cn=WebAS Test CA, OU=SWG, O=IBM, c=US"
--subject "cn=WebAS Test Server, OU=SWG, O=IBM, c=US"
--sign-alg "MD5 with RSA"
--sign-key d:\projects\websphere\keyrings\WebAS.TestCA.key
--subject-key d:\projects\websphere\keyrings\WebAS.TestServer.key
--cert-file d:\projects\websphere\keyrings\WebAS.TestServer.cert

Creating certificate...

The example above creates a certificate for the TestServer signed by the TestCA. The server's certificate includes the server's public key and is signed by the issuing CA (our TestCA) using the MD5 digest function and the TestCA's public key. The server's certificate is placed in a file called WebAS.TestServer.cert.
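
One way to check the two certificate files produced by the examples above (an added example, not part of the CFWK tools or of the original page): it confirms that the CA certificate is self-signed and that the server certificate names the CA as its issuer and verifies under the key in the CA certificate. It assumes the files are X.509 certificates in DER or PEM encoding that the standard Java CertificateFactory can read; the class name CheckCertPair is hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example; CheckCertPair is a hypothetical name, not one of the CFWK tools.
// Assumption: both files hold X.509 certificates in DER or PEM encoding.
public class CheckCertPair {

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    // True if cert names issuerCert's subject as its issuer and its signature
    // verifies under issuerCert's public key.
    static boolean issuedBy(X509Certificate cert, X509Certificate issuerCert) {
        if (!cert.getIssuerX500Principal().equals(issuerCert.getSubjectX500Principal())) {
            return false;
        }
        try {
            cert.verify(issuerCert.getPublicKey());
            return true;
        } catch (Exception e) { // bad signature, wrong key, or unsupported algorithm
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        X509Certificate ca = load(args[0]);     // e.g. WebAS.TestCA.cert
        X509Certificate server = load(args[1]); // e.g. WebAS.TestServer.cert

        System.out.println("CA self-signed:      " + issuedBy(ca, ca));
        System.out.println("Server signed by CA: " + issuedBy(server, ca));
        System.out.println("Server sig alg:      " + server.getSigAlgName());
        System.out.println("Server valid:        " + server.getNotBefore()
                + " to " + server.getNotAfter());
        server.checkValidity(); // throws if expired or not yet valid

        // Issuer name plus serial number should identify one certificate; both
        // commands on this page pass --serial 0 under the same issuer.
        if (ca.getSerialNumber().equals(server.getSerialNumber())) {
            System.out.println("Note: CA and server certificates share serial "
                    + ca.getSerialNumber());
        }
    }
}
```

Run it with the CA certificate file as the first argument and the server certificate file as the second.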

Note: This is a general-purpose tool with applications beyond those discussed here. This page discusses only the subset of options relevant to managing certificates for WebSphere Application Server programs.
