NAME

nnmkeytool.ovpl — Key and Certificate Management Tool for NNMi

SYNOPSIS

nnmkeytool.ovpl [ commands ]

DESCRIPTION

The nnmkeytool.ovpl command enables an NNMi administrator to use all Java keytool commands without knowing the provider parameters. nnmkeytool.ovpl uses keytool to store keys and certificates in a so-called keystore. The default keystore is a file and is protected with an NNMi-specific password. nnmkeytool.ovpl should be used for the PKCS#12 keystore type only.

COMMANDS

Displaying Data

-list [-alias <alias>] -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Prints the contents of the keystore entry identified by alias, with storetype as PKCS12. It uses keytool options internally and adds security provider information to generate the output. The output format is the same as the keytool output format.

-printcert -file <cert_file> -storetype <storetype> [-rfc]

Reads the certificates from the file cert_file and prints them either in human-readable format or in RFC style with the help of keytool. storetype should be PKCS12 only.

-printcertreq -file <filename> -storetype <storetype>

Prints the contents of the certificate request file filename, with storetype as PKCS12.

Managing the Keystore

-genkeypair -alias <alias> -keyalg <keyalg> [-keysize <keysize>] [-sigalg <sigalg>] [-dname <dname>] [-keypass <keypass>] -validity <valDays> -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Generates a key pair (a public key and associated private key). It uses keytool options internally and adds security provider information to generate the output. storetype is always PKCS12 as user input.

-certreq -alias <alias> [-sigalg <sigalg>] -file <certreq_file> [-keypass <keypass>] -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Generates a Certificate Signing Request (CSR). It uses keytool options internally and adds security provider information to generate the CSR in PKCS#12 format. storetype is always PKCS12 as user input.

-importcert -alias <alias> -file <cert_file> [-keypass <keypass>] -trustcacerts -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Reads the certificate or certificate chain from the file cert_file and stores it in the keystore entry identified by alias. storetype is always PKCS12 as user input. Security provider information is added internally and is transparent to the user of this tool.

-importkeystore -srckeystore <nnmkeystore> -destkeystore <nnmP12store> -srcstoretype <storeType> -deststoretype <dStoreType> -srcprovidername <sprovider> -destprovidername <dprovider>

Migrates NNMi users from the old keystore format to the new PKCS12 format. Internally the command uses keytool options. nnmkeystore is the legacy keystore file and nnmP12store is the new keystore file, which is in PKCS12 format. Only JKS is allowed as storeType. Only PKCS12 is allowed as dStoreType. The allowed input for sprovider is SUN and for dprovider is JsafeJCE.

-changealias -alias <alias> [-destalias <destalias>] [-keypass <keypass>] -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Moves an existing keystore entry from the specified alias to a new alias, destalias. Internally the command uses keytool options with provider as JsafeJCE. Only supported storetype is PKCS12.

-delete -alias <alias> -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Deletes from the keystore the entry identified by alias. Internally the command uses keytool options with provider as JsafeJCE. Only supported storetype is PKCS12.

-exportcert -alias <alias> -storetype <storetype> -keystore <keystore> [-storepass <storepass>] [-rfc] -file <filename>

Exports the certificate in binary encoding format by default. A certificate in the printable encoding format is available with the -rfc option. Internally the command uses keytool options with provider as JsafeJCE. Only supported storetype is PKCS12.

-genseckey -alias <alias> -keyalg <keyalg> -keysize <keysize> [-keypass <keypass>] -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Generates a secret key and stores it in a new KeyStore.SecretKeyEntry identified by alias. Internally the command uses keytool options with provider as JsafeJCE. Only supported storetype is PKCS12.

-gencert [-rfc] -infile <infile> -outfile <outfile> -alias <alias> -sigalg <sigalg> -dname <dname> -startdate <startdate> -validity <valDays> -keypass <keypass> -keystore <keystore> [-storepass <storepass>] -storetype <storetype>

Generates a certificate from a certificate request. Internally the command uses keytool options with provider as JsafeJCE. Only supported storetype is PKCS12.

-importpass -alias <alias> -keypass <arg> -keyalg <keyalg> -keysize <keysize> -keystore <keystore> -storepass <arg> -storetype <storetype>

Imports a password. Internally the command uses keytool options with provider as JsafeJCE. Only supported storetype is PKCS12.

-keypasswd -alias <alias> [-keypass <old_keypass>] [-new <new_keypass>] -storetype <storetype> -keystore <keystore> [-storepass <storepass>]

Changes the password under which the private/secret key identified by alias is protected, from old_keypass to new_keypass. Internally the command uses keytool options with provider as JsafeJCE. Only supported storetype is PKCS12.
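
The storetype and provider restrictions stated for the commands above can be checked before the tool is invoked. The following shell functions are an added example, not part of NNMi or of the original reference page; the function names (opt_value, require, check_args, nnmkt) and the NNMKT_DRY_RUN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of NNMi: pre-flight check of nnmkeytool.ovpl
# arguments against the storetype/provider rules stated on this page.
# Function names and NNMKT_DRY_RUN are assumptions made for this example.

# Print the value that follows option $1 in the remaining arguments.
opt_value() {
  ov_want=$1; shift
  while [ $# -gt 0 ]; do
    if [ "$1" = "$ov_want" ]; then
      if [ $# -ge 2 ]; then printf '%s\n' "$2"; fi
      return 0
    fi
    shift
  done
  return 0
}

# Fail unless option $1 is present with exactly the value $2.
require() {
  rq_opt=$1; rq_val=$2; shift 2
  rq_got=$(opt_value "$rq_opt" "$@")
  if [ "$rq_got" != "$rq_val" ]; then
    echo "nnmkt: $rq_opt must be $rq_val (got: ${rq_got:-nothing})" >&2
    return 1
  fi
}

# Apply the page's rules: -importkeystore is JKS/SUN -> PKCS12/JsafeJCE,
# every other command takes -storetype PKCS12.
check_args() {
  if [ $# -eq 0 ]; then echo "nnmkt: no command given" >&2; return 1; fi
  if [ "$1" = "-importkeystore" ]; then
    require -srcstoretype JKS "$@" && require -deststoretype PKCS12 "$@" &&
      require -srcprovidername SUN "$@" && require -destprovidername JsafeJCE "$@"
  else
    require -storetype PKCS12 "$@"
  fi
}

# Run the tool only if the arguments pass; NNMKT_DRY_RUN=1 prints the command.
nnmkt() {
  check_args "$@" || return 2
  if [ "${NNMKT_DRY_RUN:-0}" = 1 ]; then
    echo "nnmkeytool.ovpl $*"
  else
    nnmkeytool.ovpl "$@"
  fi
}
```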

RETURN VALUE

nnmkeytool.ovpl returns the appropriate output shown in the above COMMANDS section.

AUTHOR

nnmkeytool.ovpl was developed by Hewlett Packard Enterprise.

SEE ALSO

None
