Create a digital certificate store

The KeyTool command-line program enables you to create a Rational Certificate Store (RCS) file containing digital certificates for use with tests. A Rational Certificate Store (RCS) file is a compressed archive file containing one or more PKCS#12 certificates. You can also use the KeyTool program to remove certificates from a certificate store.

  1. Type the following command:

    java -cp rpt_home/plugins/com.ibm.rational.test.lt.kernel_version.jar com.ibm.rational.test.lt.kernel.dc.KeyTool --store=file --passphrase=certificate-passphrase --add --remove --generate --cert=certificate-name --subject=subject-name --ca-store=store --ca-cert=ca-certificate-name --ca-passphrase=ca-certificate-passphrase --sign --self-sign --algorithm=algorithm {RSA | DSA} --list

    If a value contains spaces, enclose the value in quotation marks.

    Option Description
    --store Required if adding or removing a certificate. The file name of the Rational Certificate Store (RCS) file. If the specified certificate store does not have the RCS extension, this extension will be added.
    --passphrase Optional. The passphrase to place on the generated certificate. The default passphrase is "default".
    --add Optional. Adds the certificate to the certificate store. Used with --generate, this generates a certificate and adds it to the certificate store.
    --remove Optional. Removes the certificate from the certificate store. This option cannot be used with the --add or --generate options.
    --generate Optional. Generates a certificate. Used with --add, this generates a certificate and adds it to the certificate store.
    --cert Required. The name of the certificate file to add, remove, or generate. If you are creating a certificate, the file name will be given the P12 extension.
    --subject Optional. The X.500 Distinguished Name for the certificate. If no subject is specified, a default subject will be provided. To learn more about subjects, see Digital certificate creation overview.
    --ca-store Required if signing a certificate. The file name of the Rational Certificate Store (RCS) file from which to retrieve the CA certificate.
    --ca-cert Required if signing a certificate. The name of the CA certificate file to use to sign another certificate.
    --ca-passphrase Required if signing a certificate. The passphrase for the CA certificate.
    --sign Optional. Signs the generated certificate using the specified CA certificate. This option cannot be used with --self-sign.
    --self-sign Optional. Self-sign the generated certificate. This option cannot be used with --sign.
    --algorithm Optional. This determines the encryption algorithm to use. The default is RSA. The options are RSA or DSA.
    --list Optional. This prints the names of all certificates in a certificate store to standard output. This list can be used to create a datapool.

  2. Use KeyTool to create and add as many digital certificates as you want. To create a datapool of the names of certificates in the certificate store, run KeyTool again with the --list option. This writes a list of names that can then be imported to a datapool.


Results

You now have a digital certificate store that you can use with tests. Because the KeyTool program has many options, you might want to create an alias or script file to use to invoke KeyTool.
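
The script file suggested above could be a wrapper like the following, which checks the option rules from the table before starting Java. It is an added example, not IBM code: the function names and the RPT_KERNEL_JAR variable are assumptions, and the passphrase checks are an added policy rather than a KeyTool requirement.

```sh
#!/bin/sh
# Added example (not IBM code). RPT_KERNEL_JAR and both function names are
# assumptions; the rules come from the option table above.
KEYTOOL_CLASS=com.ibm.rational.test.lt.kernel.dc.KeyTool

# Return 0 if the options form a combination the table allows, else 1.
keytool_check() (
  fail() { echo "KeyTool options: $1" >&2; exit 1; }
  add= remove= gen= sign= self= store= cert= pass= cas= cac= cap=
  for a in "$@"; do
    case $a in
      --add) add=1 ;;
      --remove) remove=1 ;;
      --generate) gen=1 ;;
      --sign) sign=1 ;;
      --self-sign) self=1 ;;
      --list) ;;
      --store=?*) store=1 ;;
      --cert=?*) cert=1 ;;
      --passphrase=default) fail "choose a passphrase other than the default" ;;
      --passphrase=?*) pass=1 ;;
      --ca-store=?*) cas=1 ;;
      --ca-cert=?*) cac=1 ;;
      --ca-passphrase=?*) cap=1 ;;
      --subject=?*|--algorithm=RSA|--algorithm=DSA) ;;
      *) fail "unknown or malformed option: $a" ;;
    esac
  done
  if [ -n "$remove" ] && [ -n "$add$gen" ]; then fail "--remove excludes --add and --generate"; fi
  if [ -n "$sign" ] && [ -n "$self" ]; then fail "--sign excludes --self-sign"; fi
  if [ -n "$add$remove" ] && [ -z "$store" ]; then fail "--store is required to add or remove"; fi
  if [ -n "$add$remove$gen" ] && [ -z "$cert" ]; then fail "--cert is required"; fi
  if [ -n "$sign" ] && [ "$cas$cac$cap" != 111 ]; then fail "--sign needs --ca-store, --ca-cert, --ca-passphrase"; fi
  # Added policy, not a KeyTool rule: never fall back to the passphrase "default".
  if [ -n "$gen" ] && [ -z "$pass" ]; then fail "--generate needs an explicit --passphrase"; fi
  exit 0
)

# Validate, then run KeyTool; "$@" keeps values that contain spaces intact.
keytool_run() {
  keytool_check "$@" || return 1
  java -cp "${RPT_KERNEL_JAR:?set to the kernel jar under rpt_home/plugins}" "$KEYTOOL_CLASS" "$@"
}
```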

You do not have to use the KeyTool command-line program to create a certificate store. It is possible to use existing PKCS#12 certificates with Rational Performance Tester. PKCS#12 certificates can be exported from a web browser. A PKCS#12 certificate file holds the private key together with the certificate and protects it with a password.

Do not use certificates associated with real users. Certificates associated with real users contain private keys that should not become known by or available to anyone other than the owner of the certificate. An intruder who gained access to the certificate store would have access to the private keys of all certificates in the store. For this reason, create, or have created for you, certificates that are signed by the correct certificate authority (CA) but that are not associated with real users.


Related:

Digital certificate creation overview
Entrust TruePass authentication overview
Create a digital certificate with OpenSSL
Record a test with digital certificates
Play back a test with a digital certificate

