PersonalCertificateCommands (AdminTask)

PersonalCertificateCommands command group (AdminTask)

PersonalCertificateCommands commands manage personal or signer certificates.
Avoid trouble: Certificate aliases with embedded quotes in them can cause issues when the runtime attempts to use them. Do not use embedded quotes in a certificate alias.

createChainedCertificate

Create a new self-signed certificate and stores the certificate in a keystore.
Avoid trouble: To use the IBMi5OSKeyStore key store, verify that the signer for each part of the chain exists in the keystore before creating the new certificate. You must import the signer into the IBMi5OSKeyStore keystore before creating the new certificate.gotcha
Target object: None.
Required parameters

-keyStoreName Name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias Name that uniquely identifies the certificate request in a keystore. (String, required)
-certificateSize Size of the certificate. (Integer, required)
-certificateCommonName Common name of the certificate. (String, required)
-certificateOrganization Specifies the organization of the certificate. (String, optional)

Optional parameters

-rootCertificateAlias Unique name to identify the root certificated to use for signing. The default root certificate alias is root. (String, optional)
-certificateVersion Version of the certificate. (String, optional)
-keyStoreScope Scope name of the keystore. (String, optional)
-certificateOrganization Specifies the organization of the certificate. (String, optional)
-certificateOrganizationalUnit Specifies the organizational unit of the certificate. (String, optional)
-certificateLocality Locality of the certificate. (String, optional)
-certificateState State of the certificate. (String, optional)
-certificateZip Specifies the zip code of the certificate. (String, optional)
-certificateCountry Country of the certificate. (String, optional)
-certificateValidDays Amount of time in days for which the certificate is valid. (Integer, optional)

Return value The command does not return output.
Batch mode example usage

Jython string...

AdminTask.createChainedCertificate('-keyStoreName myKeystore -certificateAlias newCertificate -certificateSize 10 -certificateCommonName localhost -certificateOrganization ibm')

Jython list:

AdminTask.createChainedCertificate('-keyStoreName', 'myKeystore', '-certificateAlias', 'newCertificate', '-certificateSize', '10', '-certificateCommonName', 'localhost', '-certificateOrganization', 'ibm')

Interactive mode

Jython:
AdminTask.createChainedCertificate('-interactive')

createSelfSignedCertificate

Create a self-signed personal certificate in a keystore.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)
-certificateVersion The version of the certificate. (String, required)
-certificateSize The size of the certificate. (Integer, required)
-certificateCommonName The common name of the certificate. (String, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)
-certificateOrganization The organization of the certificate. (String, optional)
-certificateOrganizationalUnit The organizational unit of the certificate. (String, optional)
-certificateLocality The locality of the certificate. (String, optional)
-certificateState The state of the certificate. (String, optional)
-certificateZip The zip code of the certificate. (String, optional)
-certificateCountry The country of the certificate. (String, optional)
-certificateValidDays The amount of time in days for which the certificate is valid. (Integer, optional)
-signatureAlgorithem The signature algorithm used to create the self-signed certificate. The list of valid signature algorithms can be retrieved using the listSignatureAlgorithms command. (String, optional)
Elliptical Curve signature algorithms require specific sizes, so the size parameter is ignored if SHA256withECDSA, SHA384withECDSA, or SHA512withECDSA is specified. SHA256withECDSA will have a size of 256, SHA384withECDSA will have a size of 384, and SHA512withECDSA will have a size of 521.

Example output The command does not return output.
Examples
Batch mode example:

Jacl:

$AdminTask createSelfSignedCertificate {-keyStoreName testKeyStore -certificateAlias default -certificateCommonName localhost -certificateOrganization ibm}

Jython string...

AdminTask.createSelfSignedCertificate('[-keyStoreName testKeyStore -certificateAlias default -certificateCommonName localhost -certificateOrganization ibm')

Jython list:

AdminTask.createSelfSignedCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default', '-certificateCommonName', 'localhost', '-certificateOrganization', 'ibm]')

Interactive mode:

Jython:
AdminTask.createSelfSignedCertificate('-interactive')

deleteCertificate

Delete a personal certificate from a keystore. The command saves a copy of the certificate in the delete keystore.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)

Example output The command does not return output.
Examples
Interactive mode example usage:

Jython:
AdminTask.deleteCertificate('-interactive')

exportCertificate

Export a personal certificate from one keystore to another.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-keyStorePassword The password to the keystore. (String, required)
-keyFilePath The full path to a keystore file located in a file system. The store from where a certificate will be imported or exported. (String, required)
-keyFilePassword The password to the keystore file. (String, required)
-keyFileType The type of the key file. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)
-aliasInKeyStore (String, optional)

Example output The command does not return output.
Examples
Interactive mode example usage:

Jython:
AdminTask.exportCertificate('-interactive')

exportCertToManagedKS

Export a personal certificate to a managed keystore in the configuration.
Target object: None.
Required parameters

-keyStoreName Name that uniquely identifies the keystore configuration object. (String, required)
-keyStorePassword The password to the keystore. (String, required)
-toKeyStoreName Unique name of the keystore to export the certificate to. (String, required)
-certificateAlias Alias of the certificate of interest. (String, required)

Optional parameters

-keyStoreScope Keystore of the certificate of interest. (String, optional)
-toKeyStoreScope Scope of the keystore to export to. (String, optional)
-aliasInKeyStore Alias identifying certificate in the keystore. (String, optional)

Return value
The command does not return output.
Batch mode example

Jython string...

AdminTask.exportCertificateToManagedKS('-keyStoreName myKS -keyStorePassword myKSpw -toKeyStoreName myKS2 -certificateAlias testingKeyStore')

Jython list:

AdminTask.exportCertificateToManagedKS(['-keyStoreName', 'myKS', '-keyStorePassword', 'myKSpw', '-toKeyStoreName', 'myKS2', '-certificateAlias', 'testingKeyStore'])

Interactive mode

Jython:
AdminTask.exportCertificateToManagedKS('-interactive')

extractCertificate

Extract the signer part of a personal certificate to a certificate file. The certificate in the file can later be added to a keystore to establish trust.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)
-certificateFilePath The full path of the request file containing the certificate. (String, required)
-base64Encoded Set to true if the certificate is a Base64 encoded ASCII file type. Set false if the certificate is binary. (Boolean, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)

Example output The command does not return output.
Examples
Batch mode example:

Jacl:

$AdminTask extractCertificate {-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm -certificateAlias testCertificate}
(iseries)
(zos)

$AdminTask extractCertificate {-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm -certificateAlias testCertificate}

Jython string...

AdminTask.extractCertificate('[-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm -certificateAlias testCertificate]')
(iseries)
(zos)

AdminTask.extractCertificate('[-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm -certificateAlias testCertificate]')

Jython list:

AdminTask.extractCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', 'c:/temp/CertFile.arm', '-certificateAlias', 'testCertificate'])
(iseries)
(zos)

AdminTask.extractCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', '/temp/CertFile.arm', '-certificateAlias', 'testCertificate'])

Interactive mode:

Jython:
AdminTask.extractCertificate('-interactive')

getCertificate

Obtain information about a particular personal certificate in a keystore. If the certificate of interest was created with the requestCACertificate command, the certificate can be in the COMPLETE or REVOKED state. Certificate requests can be in the PENDING state. Use the getCertificateRequest command to determine if a certificate request is in the PENDING state.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)

Example output The command returns information about the certificate request.
Examples
Interactive mode:

Jython:
AdminTask.getCertificate('-interactive')

getCertificateChain

Query the configuration for information about each personal certificate in a certificate chain.
Target object None.
Required parameters and return values

-keyStoreName Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
-certificateAlias Unique alias of the certificate. (String, required)

Optional parameters

-keyStoreScope Management scope of the keystore. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)

Example output
The command returns an array of attribute lists containing configuration information for each certificate in a chain.
Examples
Batch mode example:

Jacl:

$AdminTask getCertificateChain {-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore}

Jython string...

AdminTask.getCertificateChain('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore')

Jython list:

AdminTask.getCertificateChain(['-certificateAlias', 'newCertificate', '-keyStoreName', 'CellDefaultKeyStore'])

Interactive mode:

Jython:
AdminTask.getCertificateChain('-interactive')

importCertificate

Import a personal certificate from a keystore.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-keyFilePath The full path to a keystore file located in a file system. The store from where a certificate will be imported or exported. (String, required)
-keyFilePassword The password to the keystore file. (String, required)
-keyFileType The type of the key file. (String, required)
-certificateAliasFromKeyFile The certificate alias in the key file from which the certificate is being imported. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)

Example output The command does not return output.
Examples
Interactive mode example usage:

Jython:
AdminTask.importCertificate('-interactive')

importCertFromManagedKS

Import a personal certificate from a managed keystore in the configuration.
Target object: None.
Required parameters

-keyStoreName Name that uniquely identifies the keystore configuration object. (String, required)
-fromKeyStoreName Name that uniquely identifies the keystore from which the system imports the certificate. (String, required)
-fromKeyStorePassword Password for the keystore from which the system imports the certificate. (String, required)
-certificateAliasFromKeyStore Alias of the certificate in the keystore. (String, required)

Optional parameters

-keyStoreScope Scope of the keystore to import the certificate to. (String, optional)
-fromKeyStoreScope Scope of the keystore to import the certificate from. (String, optional)
-certificateAlias Alias of the certificate for the destination keystore. (String, optional)

Return value
The command does not return output.
Batch mode example

Jython string...

AdminTask.importCertFromManagedKS('-keyStoreName myKeystore -fromKeyStoreName oldKeystore -fromKeyStorePassword my122password -certificateAliasFromKeyStore myCertificate')

Jython list:

AdminTask.importCertFromManagedKS('-keyStoreName', 'myKeystore', '-fromKeyStoreName', 'oldKeystore', '-fromKeyStorePassword', 'my122password', '-certificateAliasFromKeyStore', 'myCertificate')

Interactive mode

Jython:
AdminTask.importCertFromManagedKS('-interactive')

listKeySizes

Admin console command to display the set of certificate key sizes allowed when creating a personal certificate.
By default, the set of valid key sizes include 512, 1024, 2048, 4096 and 8192. We can customize the list of comma-separated key sizes in the com.ibm.websphere.customKeySizeList security custom property. The com.ibm.websphere.customKeySizeList custom property can be set using the setAdminActiveSecuritySettings command.
Valid key sizes must be 512 or larger, but no larger then 16384, and must be multiples of 8. Any values in com.ibm.websphere.customKeySizeList that do not meet the size requirements are ignored. If the custom list does not contain anything in it when it is finished processing then the list of default sizes is returned.
Target object None.
Required parameters None.
Optional parameters None.
Example output
Returns an arrayList of sizes. The sizes are strings:
512
1024
2048
4096
8192
Examples
Batch mode example usage:

Jacl:
$AdminTask listKeySize

Jython string...
AdminTask.listKeySizes()

listPersonalCertificates

List the personal certificates in a particular keystore.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. The value of this field is not a path to the keystore file. (String, required)

Optional parameters

-keyStoreScope The scope name of the keystore. To obtain a list of the keystore scope values, see the listManagementScopes command, which is part of the ManagementScopeCommands command group. (String, optional)

Example output
The command returns a list of attributes for each personal certificate in a keystore.
Examples
Batch mode example:

Jython string...
AdminTask.listPersonalCertificates('-keyStoreName myKS')

Jython list:
AdminTask.listPersonalCertificates(['-keyStoreName', 'myKS'])

Interactive mode:

Jython:
AdminTask.listPersonalCertificates('-interactive')

queryCACertificate

Query the configuration to determine if the CA has completed the certificate. If the CA returns a personal certificate, then the system marks the certificate as COMPLETE. Otherwise, it remains marked as PENDING.
Target object None.
Required parameters and return values

-keyStoreName Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
-certificateAlias Unique alias of the certificate. (String, required)

Optional parameters

-keyStoreScope Management scope of the keystore. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)

Example output
The command returns one of two values: Certificate COMPLETE or certificate PENDING. If the command returns the Certificate COMPLETE message, the certificate authority returned the requested certificate and the default personal certificate is replaced. If the command returns the certificate PENDING message, the certificate authority did not yet return a certificate.
Examples
Batch mode example:

Jacl:

$AdminTask queryCACertificate {-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore}

Jython string...

AdminTask.queryCACertificate('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore')

Jython list:

AdminTask.queryCACertificate(['-certificateAlias', 'newCertificate', '-keyStoreName', 'CellDefaultKeyStore'])

Interactive mode:

Jython:
AdminTask.queryCACertificate('-interactive')

receiveCertificate

Receive a signer certificate from a file to a personal certificate.
Target object None.
Required parameters

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)
-certificateFilePath The full path of the file containing the certificate. (String, required)
-base64Encoded Set to true if the certificate is ascii base 64 encoded. Set false if the certificate is binary. (Boolean, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)

Example output The command does not return output.
Examples
Batch mode example:

Jacl:

$AdminTask receiveCertificate {-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm}
(iseries)
(zos)

$AdminTask receiveCertificate {-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm}

Jython string...

AdminTask.receiveCertificate('[-keyStoreName testKeyStore -certificateFilePath c:/temp/CertFile.arm]')
(iseries)
(zos)

AdminTask.receiveCertificate('[-keyStoreName testKeyStore -certificateFilePath /temp/CertFile.arm]')

Jython list:

AdminTask.receiveCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', 'c:/temp/CertFile.arm'])
(iseries)
(zos)

AdminTask.receiveCertificate(['-keyStoreName', 'testKeyStore', '-certificateFilePath', '/temp/CertFile.arm'])

Interactive mode:

Jython:
AdminTask.receiveCertificate('-interactive')

renewCertificate

Renew a certificate with a new generated certificate.
Target object: None.
Required parameters

-keyStoreName Unique name identifying keystore. (String, required)
-certificateAlias Unique name identifying certificate. (String, required)

Optional parameters

-keyStoreScope Scope of the keystore. (String, optional)
-deleteOldSigners Set to true to delete the old signer certificates during certificate replacement. Otherwise, set the value of this parameter to false. (Boolean, optional)

Return value
The command does not return output.
Batch mode example

Jython string...

AdminTask.renewCertificate('-keyStoreName myKS -certificateAlias testCertificate')

Jython list:

AdminTask.renewCertificate(['-keyStoreName', 'myKS', '-certificateAlias', 'testCertificate'])

Interactive mode

Jython:
AdminTask.renewCertificate('-interactive')

replaceCertificate

Replace a personal certificate with another personal certificate. The command finds each reference to the old certificate alias in the configuration and replaces the alias with the new one. The command also replaces each signer certificate from the old personal certificate with the signer from the new personal certificate.
Target object None.
Required parameters and return values

-keyStoreName The name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias The name that uniquely identifies the certificate request in a keystore. (String, required)
-replacementCertificateAlias The alias of the certificate used to replace a different certificate. (String, required)

Optional parameters

-keyStoreScope The scope name of the keystore. (String, optional)
-deleteOldCert Set to true to delete the old certificates during certificate replacement. Otherwise, set the value of this parameter to false. (Boolean, optional)
-deleteOldSigners Set to true to delete the old signer certificates during certificate replacement. Otherwise, set the value of this parameter to false. (Boolean, optional)

Example output The command does not return output.
Examples
Batch mode example:

Jacl:

$AdminTask replaceCertificate {-keyStoreName testKeyStore -certificateAlias default -replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true}

Jython string...

AdminTask.replaceCertificate('[-keyStoreName testKeyStore -certificateAlias default -replacementCertificateAlias replaceCert -deleteOldCert true -deleteOldSigners true]')

Jython list:

AdminTask.replaceCertificate(['-keyStoreName', 'testKeyStore', '-certificateAlias', 'default', '-replacementCertificateAlias', 'replaceCert', '-deleteOldCert', 'true', '-deleteOldSigners', 'true'])

Interactive mode:

Jython:
AdminTask.replaceCertificate('-interactive')

requestCACertificate

Create a certificate request and sends the request to a certificate authority (CA). If the certificate authority returns a personal certificate, then the returned certificate replaces the certificate request in the keystore. The command also works with a preexisting certificate request that was created with the createCertificateRequest command. When the CA returns a personal certificate, the system marks the certificate as COMPLETE and the command returns a message stating that the certificate is complete. If the CA does not return a personal certificate, then the system marks the certificate request as PENDING and the command returns a message stating that the certificate is PENDING.
Avoid trouble: To use the IBMi5OSKeyStore key store, verify that the signer for each part of the chain exists in the keystore before creating the new certificate. You must import the signer into the IBMi5OSKeyStore keystore before creating the new certificate.gotcha
Target object None.
Required parameters and return values

-certificateAlias Alias of the certificate. We can specify a predefined certificate request. (String, required)
-keyStoreName Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
-caClientName Name of the CA client object that has been created and references a WSPKIClient implementation. Needed to communicate with a CA server. (String, required)
-revocationPassword Password to use to revoke the certificate at a later date. (String, required)

Optional parameters

-keyStoreScope Management scope of the keystore. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
-caClientScope Management scope of the CA client. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
-certificateCommonName Common name (CN) part of the full distinguished name (DN) of the certificate. This common name can represent a person, company, or machine. For websites, the common name is frequently the DNS host name where the server resides. (String, optional)
-certificateOrganization Specifies the organization part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateOrganizationalUnity Specifies the organization unit part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateLocality Locality part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateState State part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateZip Specifies the zip code part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateCountry Country part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateSize Size of the certificate key. The valid values are 512, 1024, 2048, 4096, and 8192. The default value is 2048. (String, optional)

Example output
The command returns one of two values: Certificate COMPLETE or certificate PENDING.
Examples
Batch mode example:

Jacl:

$AdminTask requestCACertificate {-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore -CAClientName myCAClient -revocationPassword revokeCApw}

Jython string...

AdminTask.requestCACertificate('-certificateAlias newCertificate -keyStoreName CellDefaultKeyStore -CAClientName myCAClient -revocationPassword revokeCApw')

Jython list:
AdminTask.requestCACertificate(['-certificateAlias','newCertificate','-keyStoreName', 'CellDefaultKeyStore','-CAClientName','myCAClient','-revocationPassword', 'revokeCApw'])

Interactive mode:

Jython:
AdminTask.requestCACertificate('-interactive')

revokeCACertificate

Send a request to the CA to revoke the CA personal certificate of interest.
Target object None.
Required parameters and return values

-certificateAlias Unique name identifying CA personal certificate object and the alias name of the certificate in the keystore. (String, required)
-keyStoreName Name of the keystore where the CA personal certificate is stored. (String, required)
-revocationPassword Password needed to revoke the certificate. This is the same password that was provided when the certificate was created. (String, required)

Optional parameters

-keyStoreScope Management scope of the keystore. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
-revocationReason Reason for revoking the certificate of interest. The default value for this parameter is unspecified. (String, optional)

Example output
The command does not return output. Use the getCertificate command to view the current status of the certificate, as the following example displays:
AdminTask.getCertificate('-certificateAlias myCertificate -keyStoreName CellDefaultKeyStore')

Examples
Batch mode example:

Jacl:

$AdminTask revokeCACertificate {-keyStoreName CellDefaultKeyStore -certificateAlias myCertificate -revocationPassword pw4revoke}

Jython string...

AdminTask.revokeCACertificate('[-keyStoreName CellDefaultKeyStore -certificateAlias myCertificate -revocationPassword pw4revoke]')

Jython list:

AdminTask.revokeCACertificate(['-keyStoreName', 'CellDefaultKeyStore', '-certificateAlias', 'myCertificate', '-revocationPassword', 'pw4revoke'])

Interactive mode:

Jython:
AdminTask.revokeCACertificate('-interactive')

Related tasks

Create self-signed certificates
Add a signer certificate to a keystore
Use the wsadmin scripting AdminTask object for scripted administration
Configure security
ManagementScopeCommands (AdminTask)
Use wsadmin scripting with Jython

-keyStoreName	Name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias	Name that uniquely identifies the certificate request in a keystore. (String, required)
-certificateSize	Size of the certificate. (Integer, required)
-certificateCommonName	Common name of the certificate. (String, required)
-certificateOrganization	Specifies the organization of the certificate. (String, optional)

-rootCertificateAlias	Unique name to identify the root certificated to use for signing. The default root certificate alias is root. (String, optional)
-certificateVersion	Version of the certificate. (String, optional)
-keyStoreScope	Scope name of the keystore. (String, optional)
-certificateOrganization	Specifies the organization of the certificate. (String, optional)
-certificateOrganizationalUnit	Specifies the organizational unit of the certificate. (String, optional)
-certificateLocality	Locality of the certificate. (String, optional)
-certificateState	State of the certificate. (String, optional)
-certificateZip	Specifies the zip code of the certificate. (String, optional)
-certificateCountry	Country of the certificate. (String, optional)
-certificateValidDays	Amount of time in days for which the certificate is valid. (Integer, optional)

-keyStoreName	The name that uniquely identifies the keystore configuration object. (String, required)
-certificateAlias	The name that uniquely identifies the certificate request in a keystore. (String, required)
-certificateVersion	The version of the certificate. (String, required)
-certificateSize	The size of the certificate. (Integer, required)
-certificateCommonName	The common name of the certificate. (String, required)

-keyStoreScope	The scope name of the keystore. (String, optional)
-certificateOrganization	The organization of the certificate. (String, optional)
-certificateOrganizationalUnit	The organizational unit of the certificate. (String, optional)
-certificateLocality	The locality of the certificate. (String, optional)
-certificateState	The state of the certificate. (String, optional)
-certificateZip	The zip code of the certificate. (String, optional)
-certificateCountry	The country of the certificate. (String, optional)
-certificateValidDays	The amount of time in days for which the certificate is valid. (Integer, optional)
-signatureAlgorithem	The signature algorithm used to create the self-signed certificate. The list of valid signature algorithms can be retrieved using the listSignatureAlgorithms command. (String, optional) Elliptical Curve signature algorithms require specific sizes, so the size parameter is ignored if SHA256withECDSA, SHA384withECDSA, or SHA512withECDSA is specified. SHA256withECDSA will have a size of 256, SHA384withECDSA will have a size of 384, and SHA512withECDSA will have a size of 521.

-keyStoreName	The name that uniquely identifies the keystore configuration object. (String, required)
-keyStorePassword	The password to the keystore. (String, required)
-keyFilePath	The full path to a keystore file located in a file system. The store from where a certificate will be imported or exported. (String, required)
-keyFilePassword	The password to the keystore file. (String, required)
-keyFileType	The type of the key file. (String, required)
-certificateAlias	The name that uniquely identifies the certificate request in a keystore. (String, required)

-keyStoreScope	The scope name of the keystore. (String, optional)
-aliasInKeyStore	(String, optional)

-keyStoreScope	Keystore of the certificate of interest. (String, optional)
-toKeyStoreScope	Scope of the keystore to export to. (String, optional)
-aliasInKeyStore	Alias identifying certificate in the keystore. (String, optional)

-keyStoreName	Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
-certificateAlias	Unique alias of the certificate. (String, required)

-keyStoreName	Name that uniquely identifies the keystore configuration object. (String, required)
-fromKeyStoreName	Name that uniquely identifies the keystore from which the system imports the certificate. (String, required)
-fromKeyStorePassword	Password for the keystore from which the system imports the certificate. (String, required)
-certificateAliasFromKeyStore	Alias of the certificate in the keystore. (String, required)

-keyStoreScope	Scope of the keystore to import the certificate to. (String, optional)
-fromKeyStoreScope	Scope of the keystore to import the certificate from. (String, optional)
-certificateAlias	Alias of the certificate for the destination keystore. (String, optional)

-keyStoreName	Unique name identifying keystore. (String, required)
-certificateAlias	Unique name identifying certificate. (String, required)

-keyStoreScope	Scope of the keystore. (String, optional)
-deleteOldSigners	Set to true to delete the old signer certificates during certificate replacement. Otherwise, set the value of this parameter to false. (Boolean, optional)

-keyStoreScope	The scope name of the keystore. (String, optional)
-deleteOldCert	Set to true to delete the old certificates during certificate replacement. Otherwise, set the value of this parameter to false. (Boolean, optional)
-deleteOldSigners	Set to true to delete the old signer certificates during certificate replacement. Otherwise, set the value of this parameter to false. (Boolean, optional)

-certificateAlias	Alias of the certificate. We can specify a predefined certificate request. (String, required)
-keyStoreName	Name of the keystore object that stores the CA certificate. Use the listKeyStores command to display a list of available keystores. (String, required)
-caClientName	Name of the CA client object that has been created and references a WSPKIClient implementation. Needed to communicate with a CA server. (String, required)
-revocationPassword	Password to use to revoke the certificate at a later date. (String, required)

-keyStoreScope	Management scope of the keystore. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
-caClientScope	Management scope of the CA client. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
-certificateCommonName	Common name (CN) part of the full distinguished name (DN) of the certificate. This common name can represent a person, company, or machine. For websites, the common name is frequently the DNS host name where the server resides. (String, optional)
-certificateOrganization	Specifies the organization part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateOrganizationalUnity	Specifies the organization unit part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateLocality	Locality part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateState	State part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateZip	Specifies the zip code part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateCountry	Country part of the full distinguished name (DN) of the certificate. (String, optional)
-certificateSize	Size of the certificate key. The valid values are 512, 1024, 2048, 4096, and 8192. The default value is 2048. (String, optional)

-certificateAlias	Unique name identifying CA personal certificate object and the alias name of the certificate in the keystore. (String, required)
-keyStoreName	Name of the keystore where the CA personal certificate is stored. (String, required)
-revocationPassword	Password needed to revoke the certificate. This is the same password that was provided when the certificate was created. (String, required)

-keyStoreScope	Management scope of the keystore. For a dmgr profile, the default value is the cell scope. For an application server profile, the default value is the node scope. (String, optional)
-revocationReason	Reason for revoking the certificate of interest. The default value for this parameter is unspecified. (String, optional)