Commands for CMS or PKCS #12 key databases

-keydb -changepw
Change the password for a key database:
-keydb -changepw -db filename -pw password -new_pw new_password -expire days
-keydb -convert
Convert the key database from one format to another:
-keydb -convert -db filename -pw password
    -old_format cms | pkcs12 -new_format cms
-keydb -create
Create a key database:
-keydb -create -db filename -pw password -type cms | pkcs12
-keydb -delete
Delete a key database:
-keydb -delete -db filename -pw password
-keydb -list
List currently-supported types of key database:
-keydb -list 
-cert -add
Add a certificate from a file into a key database:
-cert -add -db filename -pw password -label label -file filename
    -format ascii | binary
-cert -create
Create a self-signed certificate:
-cert -create -db filename -pw password -label label -dn distinguished_name
    -size 1024 | 512 -x509version 3 | 1 | 2 -expire days
-cert -delete
Delete a certificate:
-cert -delete -db filename -pw password -label label
-cert -details
List the detailed information for a specific certificate:
-cert -details -db filename -pw password -label label
-cert -export
Export a personal certificate and its associated private key from a key database into a PKCS#12 file, or to another key database:
-cert -export -db filename -pw password -label label -type cms | pkcs12
    -target filename -target_pw password -target_type cms | pkcs12   
-cert -extract
Extract a certificate from a key database:
-cert -extract -db filename -pw password -label label -target filename
    -format ascii | binary
-cert -import
Import a personal certificate from a key database:
 -cert -import -file filename -pw password -type pkcs12 -target filename
        -target_pw password -target_type cms
-cert -list
List all certificates in a key database:
-cert -list all | personal | CA 
    -db filename -pw password
-cert -receive
Receive a certificate from a file:
-cert -receive -file filename -db filename -pw password 
    -format ascii | binary -default_cert yes | no
-cert -sign
Sign a certificate:
-cert -sign -file filename -db filename -pw password
 -label label -target filename
    -format ascii | binary -expire days
-certreq -create
Create a certificate request:
-certreq -create -db filename -pw password
    -label label -dn distinguished_name
    -size 1024 | 512 -file filename
-certreq -delete
Delete a certificate request:
-certreq -delete -db filename -pw password -label label
-certreq -details
List the detailed information of a specific certificate request:
-certreq -details -db filename -pw password -label label

List the detailed information about a certificate request and show the full certificate request:

-certreq -details -showOID -db filename 
    -pw password -label label
-certreq -extract
Extract a certificate request from a certificate request database into a file:
-certreq -extract -db filename -pw password
     -label label -target filename
-certreq -list
List all certificate requests in the certificate request database:
-certreq -list -db filename -pw password
-certreq -recreate
Recreate a certificate request:
-certreq -recreate -dn distinguished_name -pw password
    -label label -target filename