Key Management Utility command-line interface (gskcmd) syntax
This topic contains a description of the syntax that you can use with the gskcmd command.
Syntax
For more information, see Use the gskcapicmd command.
The syntax follows.
gskcmd <object> <action> [options]
Where:- The object includes one of the following:
- -keydb: Actions taken on the key database (either a CMS key database file, a WebDB key ring file, or SSLight class)
- -cert: Actions taken on a certificate
- -certreq: Actions taken on a certificate request
- -version: Displays version information for gskcmd
- -help: Displays help for the gskcmd invocations
The action represents the specific action to take on the object, and options represents the options, both required and optional, specified for the object and action pair.
The object and action keywords are positional and you must specify them in the selected order. However, options are not positional and we can specify them in any order, as an option and operand pair.
| Object | Actions | Description |
|---|---|---|
| -keydb | -changepw | Change the password for a key database |
| -convert | Convert a key database from one format to another | |
| -create | Create a key database | |
| -delete | Delete the key database | |
| -stashpw | Stash the password of a key database into a file | |
| -cert | -add | Add a CA certificate from a file into a key database |
| -create | Create a self-signed certificate | |
| -delete | Delete a CA certificate | |
| -export | Export a personal certificate and its associated private key from a key database into a PKCS#12 file, or to another key database | |
| -extract | Extract a certificate from a key database | |
| -getdefault | Get the default personal certificate | |
| -import | Import a certificate from a key database or PKCS#12 file | |
| -list | List all certificates | |
| -modify | Modify a certificate. (Currently the only field we can modify is the Certificate trust field) | |
| -receive | Receive a certificate from a file into a key database | |
| -setdefault | Set the default personal certificate | |
| -sign | Sign a certificate stored in a file with a certificate stored in a key database and store the resulting signed certificate in a file | |
| -certreq | -create | Create a certificate request |
| -delete | Delete a certificate request from a certificate request database | |
| -details | List the detailed information of a specific certificate request | |
| -extract | Extract a certificate request from a certificate request database into a file | |
| -list | List all certificate requests in the certificate request database | |
| -recreate | Recreate a certificate request | |
| -help | Display help information for the gskcmd command | |
| -version | Display gskcmd version information |
| Option | Description |
|---|---|
| -db | Fully qualified path name of a key database |
| -default_cert | Sets a certificate to use as the default certificate for client authentication (yes or no). Default is no. |
| -dn | X.500 distinguished name. Input as a quoted
string of the following format (only CN, O, and C are required):
CN=Jane Doe,O=IBM,OU=Java Development,L=Endicott, ST=NY,ZIP=13760,C=country |
| encryption | Strength of encryption used in certificate export command (strong or weak). Default is strong. |
| -expire | Expiration time of either a certificate or a database password (in days). |
| -file | File name of a certificate or certificate request (depending on specified object). |
| -format | Format of a certificate (either ASCII for Base64_encoded ASCII or binary for Binary DER data). Default is ASCII. |
| -label | Label attached to a certificate or certificate request |
| -new_format | New format of key database |
| -new_pw | New database password |
| -old_format | Old format of key database |
| -pw | Password for the key database or PKCS#12 file. See Create a new key database. |
| -stashed | The password for the key database will be recovered from the stash file. |
| -size | Key size (512, 1024, or 2048). Default is 1024. The 2048 key size is available if you are using Global Security Kit (GSKit) Version 7.0.4.14 and later. |
| -stash | Indicator to stash the key database password to a file. If specified, the password will be stashed in a file. |
| -target | Destination file or database |
| -target_pw | Password for the key database if -target specifies a key database. See Create a new key database. |
| -target_type | Type of database specified by -target operand (see -type) |
| -trust | Trust status of a CA certificate (enable or disable). Default is enable. |
| -type | Type of database. Allowable values are cms (indicates a CMS key database) or pkcs12 (indicates a PKCS#12 file). |
| -x509version | Version of X.509 certificate to create (1, 2 or 3). Default is 3. |
Related tasks