The retrieveSigners command creates a new client self-signed certificate, keystore, and SSL configuration in the ssl.client.props file. Using this command you can optionally extract the signer to a file.
For more information about where to run this command, read about Using command tools.
retrieveSigners <remoteKeyStoreName> <localKeyStoreName> [options]The <remoteKeyStoreName> and <localKeyStoreName> parameters are required. The following optional parameters are available:
[-remoteAlias aliasFromRemoteStore] [-localAlias storeAsAlias] [-listRemoteKeyStoreNames][-listLocalKeyStoreNames] [-autoAcceptBootstrapSigner][-uploadSigners] [-host host] [-port port][-conntype JSR160RMI|RMI|SOAP|IPC][-user user] [-password password] [-trace] [-logfile filename] [-replacelog] [-quiet] [-help]
The following parameters are available for the retrieveSigners command:
The following examples demonstrate correct syntax for using the retrieveSigners command:
retrieveSigners.bat -listRemoteKeyStoreNames -listLocalKeyStoreNames -conntype RMI -port 2809 [Windows systems] retrieveSigners.sh -listRemoteKeyStoreNames -listLocalKeyStoreNames -conntype RMI -port 2809 [Unix systems]
CWPKI0306I: The following remote keystores exist on the specified server: CMSKeyStore, NodeLTPAKeys, NodeDefaultTrustStore, NodeDefaultKeyStore CWPKI0307I: The following local keystores exist on the client: ClientDefaultKeyStore, ClientDefaultTrustStore
retrieveSigners.bat NodeDefaultTrustStore ClientDefaultTrustStore -autoAcceptBootstrapSigner -conntype RMI -port 2809 [Windows] retrieveSigners.sh NodeDefaultTrustStore ClientDefaultTrustStore -autoAcceptBootstrapSigner -conntype RMI -port 2809 [Unix]
CWPKI0308I: Adding signer alias "CN=BIRKT40.austin.ibm.com, O=IBM, C=US" to local keystore "ClientDefaultTrustStore" with the following SHA digest: 40:20:CF:BE:B4:B2:9C:F0:96:4D:EE:E5:14:92:9E:37:8D:51:A5:47