
queryCertificate command

The queryCertificate command uses the implementation class that is passed to it to communicate with a certificate authority (CA) server and query a certificate.

The queryCertificate command checks to see if the certificate is complete. If the certificate is complete, then the CA certificate is stored in the client keystore. If the certificate is not complete, the certificate request remains in the keystore and the queryCertificate command can be called at some later time to determine if the certificate is complete.

Issue the command from the profile_root/bin directory.


Syntax

The command syntax is as follows:

(The command is split on multiple lines for printing purposes.)

(UNIX)
queryCertificate.sh -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-alias <certificateAlias> -keystoreAlias <keystoreAlias>
-pkiImplClass <customCAClient> [options]
(Windows)
queryCertificate.bat -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-alias <certificateAlias> -keystoreAlias <keystoreAlias>
-pkiImplClass <customCAClient> [options]
(ZOS)
queryCertificate.sh -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-alias <certificateAlias> -keystoreAlias <keystoreAlias>
-pkiImplClass <customCAClient> [options]
(iSeries)
queryCertificate -host <caHost> -port <caPort> -username <caUserName> -password <caPassword>
-alias <certificateAlias> -keystoreAlias <keystoreAlias>
-pkiImplClass <customCAClient> [options]


Required Parameters

The following required parameters are used with the queryCertificate command:

-host caHost

Target certificate authority host to which the request is sent.

-port caPort

Target port to connect to.

-username caUserName

User name used to gain access to the certificate authority.

-password caPassword

Password used to authenticate with the certificate authority.

-alias certificateAlias

Specifies the alias of the certificate to be queried.

-keyStoreAlias keyStoreAlias

Name of the keystore located in the ssl.client.props file for the profile to which the CA signed certificate is added. This name is the ClientDefaultKeyStore file for either a managed or unmanaged environment.

-pkiImplClass custom CA client

A class that implements the WSPKIClient interface. The implementation class handles all the communication to the CA server. This can be a custom class or a class provided with the product.


Optional Parameters

The following options are available for the queryCertificate command:

-customAttrs customAttr1=value;customAttr2=value;...

A semicolon-separated list of custom name=value pairs to be passed in to the custom implementation class. This parameter provides a way to pass custom information to the implementation class. The 'attr' and 'value' pairs are converted to a hash map and passed along to the implementation class.

-retryInterval retry interval

The time period in seconds between retries of queries to the CA server for a CA signed certificate.

-retryLimit retry limit

The total number of times to retry a query request to the CA server.

-logfile filename

The log file that overrides the default trace file. By default, the trace appears in the profiles/profile/log/caClient.log file.

-trace

When specified, -trace enables tracing of the trace specification necessary to debug this component. By default, the trace appears in the profiles/profile/log/caClient.log file.

-replaceLog

An option to cause the existing trace file to be replaced when the command is executed.

-quiet

An option to suppress most messages from printing out on the console.

-help

The option to print a usage statement.

The following example performs a queryCertificate:

(UNIX)

queryCertificate.sh -host localhost -port 1077 -username pkiuser -password webspherepki
-alias C:\opt\WebSphere\AppClient\etc\certReq26924.req -keyStoreAlias ClientDefaultKeyStore
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0418E: The following error occurred while querying the CA for a signed
           certificate: CWPKI0463I: Action "query" not supported by this implementation.
(Windows)
C:\opt\WebSphere\AppClient\bin>queryCertificate.bat -host localhost -port 1077 -username pkiuser -password webspherepki
-alias C:\opt\WebSphere\AppClient\etc\certReq26924.req -keyStoreAlias ClientDefaultKeyStore
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0418E: The following error occurred while querying the CA for a signed
           certificate: CWPKI0463I: Action "query" not supported by this implementation.
(ZOS)
queryCertificate.sh -host localhost -port 1077 -username pkiuser -password webspherepki
-alias C:\opt\WebSphere\AppClient\etc\certReq26924.req -keyStoreAlias ClientDefaultKeyStore
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0418E: The following error occurred while querying the CA for a signed
           certificate: CWPKI0463I: Action "query" not supported by this implementation.
(iSeries)
queryCertificate -host localhost -port 1077 -username pkiuser -password webspherepki
-alias C:\opt\WebSphere\AppClient\etc\certReq26924.req -keyStoreAlias ClientDefaultKeyStore
CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0418E: The following error occurred while querying the CA for a signed
           certificate: CWPKI0463I: Action "query" not supported by this implementation.
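
The console output in the example above can be checked mechanically when the query is run from a scheduled job. The following script is an added example, not part of the product or of the original page: it classifies queryCertificate output by CWPKI message ID and wraps the documented parameters so that the CA password is read from a file. The QUERY_CMD path, the password file, and the reading of the E/W/I suffixes as error/warning/informational are assumptions.

```shell
#!/bin/sh
# Added example, not IBM code. Assumptions: the QUERY_CMD location, a password
# file readable only by its owner, and message-ID suffixes E/W/I meaning
# error/warning/informational.

QUERY_CMD="${QUERY_CMD:-./queryCertificate.sh}"   # issued from profile_root/bin

# Constructed sample: console output from the example on this page
# (whitespace normalized).
SAMPLE_OUTPUT='CWPKI0403I: Trace is being logged to the following location:
           C:\opt\WebSphere\AppClient\logs\caClient.log
CWPKI0418E: The following error occurred while querying the CA for a signed
           certificate: CWPKI0463I: Action "query" not supported by this implementation.'

# List the distinct CWPKI message IDs in $1 whose severity suffix is $2.
ids_with_severity() {
    printf '%s\n' "$1" | grep -oE 'CWPKI[0-9]{4}[EWI]' | grep "$2\$" | sort -u
}

# Classify console output: "error" if any E message is present,
# else "warning" if any W message is present, else "clean".
classify_output() {
    if [ -n "$(ids_with_severity "$1" E)" ]; then echo error
    elif [ -n "$(ids_with_severity "$1" W)" ]; then echo warning
    else echo clean
    fi
}

# Run the query with the password read from a file rather than typed on the
# command line. This keeps it out of shell history; it is still part of the
# argument list of the running process.
# Usage: run_query host port user pwfile certAlias keyStoreAlias implClass
run_query() {
    pw=$(cat "$4") || return 2
    # The page documents no exit status, so the result is judged by message ID.
    out=$("$QUERY_CMD" -host "$1" -port "$2" -username "$3" -password "$pw" \
          -alias "$5" -keyStoreAlias "$6" -pkiImplClass "$7" 2>&1) || true
    printf '%s\n' "$out"
    [ "$(classify_output "$out")" != error ]
}

classify_output "$SAMPLE_OUTPUT"    # prints: error
```

run_query returns non-zero when an E message appears in the output, so a caller can alert on it or schedule another query later.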

  • Use command-line tools
  • Developing the WSPKIClient interface for communicating with a certificate authority