Previous Topic: dxcertgen certreq Command—Create a Certificate Signing Request (CSR)

Next Topic: Example: Create DSA Certificates

dxcertgen certs Command—Create DSA and User Certificates

The command dxcertgen certs creates DSA and user certificates, and signs these using a root certificate.

If DXcertgen can use a keystore, it stores the root certificate and the private key there. If it cannot use keystore, it stores the root certificate (but not the private key) in a file.

If DXcertgen uses a keystore to hold the root certificate then it re-uses that root certificate when it creates new DSA and user certificates.

If DXcertgen does not use a keystore, it creates a new root certificate each time it creates new DSA or user certificates, and invalidates all certificates it had previously created. It also deletes the private key of the root certificate it has just created, to ensure that no more certificates will be created from that key and so ensure the integrity of the encryption.

Note: DXcertgen uses a keystore if (and only if) it finds keystore software in JAVA_HOME/bin/keytool.

DXcertgen can only create DSA certificates for DSAs that already exist.

It always stores DSA certificates in DXHOME/ssld/personalities. It stores user certificates in a keystore if one is specified in the -c option, or in the path specified in the -p option.

This command has the following syntax:

dxcertgen [-a rootalias] [-c cert-ks-path -C cert-ks-password ] [-d days] [-D dsaname] [-i issuer] -p cert-file-path [-P rootcert-pk-ks-password][-s rootcert-ks-path [-S rootcert-ks-password]] [-u users] certs


Copyright © 2009 CA. All rights reserved. Email CA about this topic