createCertRequest command
The createCertRequest command creates a PKCS10 certificate request and stores it in a client keystore so that it can be used to send to a certificate authority (CA) server using the requestCertificate command line utility.
Location
Issue the command from the profile_root/bin directory.
Syntax
The command syntax is as follows:
![[AIX]](../images/aixlogo.gif)
![[HP-UX]](../images/hpux.gif)
![[Linux]](../images/linux.gif)
![[Solaris]](../images/solaris.gif)
createCertRequest.sh -keyStoreAlias<keystoreAlias> -subjectDN<subjectDN> -alias<certificateAlias> [options]
![[Windows]](../images/windows.gif)
createCertRequest.bat -keyStoreAlias<keystoreAlias> -subjectDN<subjectDN> -alias<certificateAlias> [options]
![[z/OS]](../images/ngzos.gif)
createCertRequest.sh -keyStoreAlias<keystoreAlias> -subjectDN<subjectDN> -alias<certificateAlias> [options]
![[IBM i]](../images/iseries.gif)
createCertRequest -keyStoreAlias<keystoreAlias> -subjectDN<subjectDN> -alias<certificateAlias> [options]
Required Parameters
The following required
parameter are used with the createCertRequest command:
- Specifies the name of the keystore that is located in the ssl.client.props file for the profile to which the CA signed certificate is added. This is the name of the ClientDefaultKeyStore file for either a managed or unmanaged environment.
- Specifies the distinguished name (DN) to be used for the PKCS10 certificate request. The DN must contain the CN, O and C fields at a minimum.
- Specifies the alias used to store the PKCS10 certificate request
certificate in the keystore specified on the request. Note: the CA signed certificate is stored under the same alias and replaces the cert request certificate when received.
Optional Parameters
The following options are available for the createCertRequest command:
- An option that specifies the size of the key. This option is only used valid if creating a PKCS10 certificate request in-band. Valid values include 512, 1024 2048, 4096 and 8192. Thd default size is 2048.
- The time period of certificate validity. Time period is measured from current date. This option is only valid if creating a PKCS10 certificate request in-band. Default value is 365 days.
- A semi-colon separated list of subject alternate names. This option is only used if creating a PKCS10 certificate request in-band.
- A semi-colon separated list of key usage strings. This option is only valid if creating a PKCS10 certificate request in-band.
- A semi-colon separated list of extended key usage strings. This option is only valid if creating a PKCS10 certificate request in-band.
- The logfile that overrides the default trace file. By default, the trace appears in the profiles/profile_name/log/caClient.log. file.
- When specified, -trace enables tracing of the trace specification necessary to debug this component. By default, the trace will appear in the profiles/profile_name/log/caClient.log file.
- An option to cause the existing trace file to be replaced when the command is executed.
- An option to suppress most messages from printing out on the console.
- The option to print a usage statement
- The option to print a usage statement
Usage
The following example creates a PKCS10 certificate request for a client that can be used to send to a CA :
![[AIX]](../images/aixlogo.gif)
![[HP-UX]](../images/hpux.gif)
![[Linux]](../images/linux.gif)
![[Solaris]](../images/solaris.gif)
createCertRequest.sh -keyStoreAlias ClientDefaultKeyStore -subjectDN CN=mycn,o=ibm,c=us -alias cert1
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0422I: Generating a PKCS10 certificate request
CWPKI0421I: A PKCS10 certificate was successfully created. The request
is stored in file:
C:\opt\WebSphere\AppClient\etc\certReq26924.req
![[Windows]](../images/windows.gif)
C:\opt\WebSphere\AppClient\bin>createCertRequest.bat -keyStoreAlias ClientDefaultKeyStore
-subjectDN CN=mycn,o=ibm,c=us -alias cert1
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0422I: Generating a PKCS10 certificate request
CWPKI0421I: A PKCS10 certificate was successfully created. The request
is stored in file:
C:\opt\WebSphere\AppClient\etc\certReq26924.req
![[z/OS]](../images/ngzos.gif)
createCertRequest.sh -keyStoreAlias ClientDefaultKeyStore -subjectDN CN=mycn,o=ibm,c=us -alias cert1
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0422I: Generating a PKCS10 certificate request
CWPKI0421I: A PKCS10 certificate was successfully created. The request
is stored in file:
C:\opt\WebSphere\AppClient\etc\certReq26924.req
![[IBM i]](../images/iseries.gif)
createCertRequest -keyStoreAlias ClientDefaultKeyStore -subjectDN CN=mycn,o=ibm,c=us -alias cert1
CWPKI0403I: Trace is being logged to the following location:
C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0422I: Generating a PKCS10 certificate request
CWPKI0421I: A PKCS10 certificate was successfully created. The request
is stored in file:
C:\opt\WebSphere\AppClient\etc\certReq26924.req