igwcertutil Utility—Create, Copy, Convert, and Delete Certificates

CA EEM Getting Started › FIPS 140-2 Support › Configure Your Application in FIPS-only Mode › Migrate P12 certificates used by Your Application to PEM certificates. › igwcertutil Utility—Create, Copy, Convert, and Delete Certificates

igwcertutil Utility—Create, Copy, Convert, and Delete Certificates

Valid on Windows, UNIX, and Linux

The create command has the following format:

igwCertUtil -version version -create -cert inputcert-params -issuer issuercert -params [-debug] [-silent]

The convert command has the following format:

igwCertUtil -version version -conv -cert inputcert-params -target newcert-params [-debug] [-silent]

The copy command has the following format:

igwCertUtil -version version -copy -cert inputcert-params -target newcert-params [-debug] [-silent]

The delete command has the following format:

igwCertUtil -version version -delete -cert cert-params [-debug] [-silent]

-version version
Specifies the version of igwCertUtil used when creating, converting, copying, or deleting certificates. Version is used for backward compatibility. If igwCertUtil is modified, the version tag gets the old behavior.
-cert inputcert-parms
Specifies the certificate as an XML string when creating, converting, or copying certificates.
-issuer issuercert-parms
Specifies the certificate that is used to sign the newly generated certificate when creating a certificate. If no certificate is specified, a self-signed certificate is created.
-target newcert-parms
Specifies the configuration for the new certificate when converting (or copying) an existing certificate.
-cert cert-parms
-debug
(Optional) Turns on debugging for igwCertUtil.
-silent
(Optional) Turns on silent mode for igwCertUtil.

The following error codes are returned by igwCertUtil:

CERTUTIL_ERROR_UNKNOWN (-1): unknown or undefined error happened
CERTUTIL_SUCCESS (0): successful operation
CERTUTIL_ERROR_USAGE (1): wrong command line arguments passed
CERTUTIL_ERROR_READCERT (2): unable to read certificate
CERTUTIL_ERROR_WRITECERT (3): unable to write certificate
CERTUTIL_ERROR_DELETECERT (4): unable to delete certificate

Example: Convert P12 certificates to PEM certificates

The following example describes usage of converting a P12 certificate to a PEM certificate:

igwCertUtil -version 4.6.0.0 -conv  ‑cert "<Certificate><certType>p12</certType><certURI>testCert.p12</certURI><certPW>password</certPW></Certificate>" ‑target "<Certificate><certType>pem</certType>
<certURI>testCert.cer</certURI><keyURI>testCert.key</keyURI></Certificate>"

Example: Convert P12 Certificates to PKCS#11 certificate:

igwCertUtil -version 4.6.0.0 -conv  ‑cert "<Certificate><certType>p12</certType><certURI>testCert.p12</certURI><certPW>password</certPW></Certificate>" ‑target "<Certificate><certType>p11</certTyp
><pkcs11Lib>pathto-pkcs11Lib</pkcs11Lib><token>pkcs11token</token><userpin>user
in</userpin><id>certid</id></Certificate>"

Initialize the CA EEM SDK in FIPS-only Mode

The CA EEM SDK can be initialized in the FIPS-only mode by configuring the eiam.config file. To configure the eiam.config file, see the chapter, Configuring CA EEM SDK.

More information:

Before You Configure CA EEM Java SDK in FIPS-only Mode

Configure CA EEM C++ SDK in FIPS-only Mode

Configure CA EEM C# SDK in FIPS-only Mode

Email CA about this topic