Table 23 lists the options that can be present on the command line. Note that the meaning of an option can depend on the object and action specified in the command.
Option | Description |
---|---|
-crypto | Name of the module to manage a PKCS #11 cryptographic
device.
The value after -crypto is optional if you specify the module name in the properties file |
-db | Fully qualified path name of a key database. |
-default_cert | Sets a certificate as the default certificate. The value can be yes or no. The default is no. |
-dn | X.500 distinguished name. The value is a string enclosed
in double quotes, for example "CN=John Smith,O=IBM ,OU=Test ,C=GB".
Note that only the CN, O, and C attributes are required.
Note:
Avoid
using multiple OU attributes in distinguished names when you create self-signed
certificates. When you create such certificates, only the last entered OU value is accepted into the certificate. |
-encryption | Strength of encryption used in certificate export command. The value can be strong or weak. The default is strong. |
-expire | Expiration time in days of either a certificate or a database password. The defaults are 365 days for a certificate and 60 days for a database password. |
-file | File name of a certificate or certificate request. |
-format | Format of a certificate. The value can be ascii for Base64_encoded ASCII or binary for Binary DER data. The default is ascii. |
-label | Label attached to a certificate or certificate request. |
-new_format | New format of key database. |
-new_pw | New database password. |
-old_format | Old format of key database. |
-pw | Password for the key database or PKCS#12 file. |
-secondaryDB | Name of a secondary key database for PKCS #11 device operations. |
-secondaryDBpw | Password for the secondary key database for PKCS #11 device operations. |
-showOID | Displays the full certificate or certificate request. |
-size | Key size. The value can be 512 or 1024. The default is 1024. |
-stash | Stash the key database password to a file. |
-target | Destination file or database. |
-target_pw | Password for the key database if -target specifies a key database. |
-target_type | Type of database specified by -target operand. See -type option for permitted values. |
-tokenLabel | Label of a PKCS #11 cryptographic device. |
-trust | Trust status of a CA certificate. The value can be enable or disable. The default is enable. |
-type | Type of database. The value can be:
|
-x509version | Version of X.509 certificate to create. The value can be 1, 2, or 3. The default is 3. |
Notices |
Downloads |
Library |
Support |
Feedback
![]() ![]() |
su8options |