The command dxcertgen certs creates DSA and user certificates, and signs these using a root certificate.
If DXcertgen can use a keystore, it stores the root certificate and the private key there. If it cannot use keystore, it stores the root certificate (but not the private key) in a file.
If DXcertgen uses a keystore to hold the root certificate then it re-uses that root certificate when it creates new DSA and user certificates.
If DXcertgen does not use a keystore, it creates a new root certificate each time it creates new DSA or user certificates, and invalidates all certificates it had previously created. It also deletes the private key of the root certificate it has just created, to ensure that no more certificates will be created from that key and so ensure the integrity of the encryption.
Note: DXcertgen uses a keystore if (and only if) it finds keystore software in JAVA_HOME/bin/keytool.
DXcertgen can only create DSA certificates for DSAs that already exist.
It always stores DSA certificates in DXHOME/ssld/personalities. It stores user certificates in a keystore if one is specified in the -c option, or in the path specified in the -p option.
This command has the following syntax:
dxcertgen [-a rootalias] [-c cert-ks-path -C cert-ks-password ] [-d days] [-D dsaname] [-i issuer] -p cert-file-path [-P rootcert-pk-ks-password][-s rootcert-ks-path [-S rootcert-ks-password]] [-u users] certs
Specifies the root key in the keystore. Only use this if you use a root certificate keystore.
Default: dxcertgen
Specifies the path to a keystore to use to store the created user certificates given by the -u option.
Default: DXHOME/config/ssld/javakeystores
Specifies the existing password to access the user certificate keystore. You should have set this password when you created the keystore.
Specifies the number of days for which the certificate will be valid.
Default: 365
Specifies the DSA for which a new certificate will be created. If you do not use this option, DXcertgen will create certificates for all DSAs.
Only use this if you use a root certificate keystore.
Specifies the name to use if you are creating a root certificate. DXcertgen generates a root certificate with the name given here. Usually this will be your company name.
Default: "CN=DXCertGenCA,O=DXCertGenPKI,C=AU"
Specifies the path to a file to use to store created user certificates.
Default: DXHOME/config/ssld/personalities
Specifies a password to protect the private key in the root certificate keystore. You set this password here.
Specifies the path to the root certificate keystore.
Default: DXHOME/config/ssld/javakeystores
Specifies the password to access the root certificate keystore. You should have set this password when you created the keystore.
Default: changeit
Specifies an LDIF file that contains a list of users to create certificates for.
Copyright © 2009 CA. All rights reserved. | Email CA about this topic |