igwcertutil Utility—Create, Copy, Convert, and Delete Certificates

Valid on Windows, UNIX, and Linux

The create command has the following format:

igwCertUtil -version version -create -cert inputcert-params -issuer issuercert-params [-debug] [-silent]

The convert command has the following format:

igwCertUtil -version version -conv -cert inputcert-params -target newcert-params [-debug] [-silent]

The copy command has the following format:

igwCertUtil -version version -copy -cert inputcert-params -target newcert-params [-debug] [-silent]

The delete command has the following format:

igwCertUtil -version version -delete -cert cert-params [-debug] [-silent]

-version version

Specifies the version of igwCertUtil used when creating, converting, copying, or deleting certificates. The version is used for backward compatibility: if igwCertUtil is modified, specifying the version tag gets the old behavior.

-cert inputcert-parms

Specifies the certificate as an XML string when creating, converting, or copying certificates.

-issuer issuercert-parms

Specifies the certificate that is used to sign the newly generated certificate when creating a certificate. If no certificate is specified, a self-signed certificate is created.

-target newcert-parms

Specifies the configuration for the new certificate when converting (or copying) an existing certificate.

-cert cert-parms

-debug

(Optional) Turns on debugging for igwCertUtil.

-silent

(Optional) Turns on silent mode for igwCertUtil.

The following error codes are returned by igwCertUtil:

Example: Convert P12 certificates to PEM certificates

The following example converts a P12 certificate to a PEM certificate:

igwCertUtil -version 4.6.0.0 -conv -cert "<Certificate><certType>p12</certType><certURI>testCert.p12</certURI><certPW>password</certPW></Certificate>" -target "<Certificate><certType>pem</certType><certURI>testCert.cer</certURI><keyURI>testCert.key</keyURI></Certificate>"

Example: Convert P12 certificates to PKCS#11 certificates

The following example converts a P12 certificate to a PKCS#11 certificate:

igwCertUtil -version 4.6.0.0 -conv -cert "<Certificate><certType>p12</certType><certURI>testCert.p12</certURI><certPW>password</certPW></Certificate>" -target "<Certificate><certType>p11</certType><pkcs11Lib>pathto-pkcs11Lib</pkcs11Lib><token>pkcs11token</token><userpin>userpin</userpin><id>certid</id></Certificate>"
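
The -cert and -target values in the examples above are XML strings, so a password or path containing &, < or > must be XML-escaped, and the whole string must survive shell quoting intact. The following Python sketch is an added example, not part of the CA EEM documentation: it builds those strings with escaping and runs the -conv form without a shell. It assumes igwCertUtil is on the PATH and parses the parameter as standard XML; the function names and the P12_PASSWORD environment variable are hypothetical.

```python
import os
import subprocess
from xml.sax.saxutils import escape

# Element names that appear in this page's examples; anything else is rejected.
KNOWN_FIELDS = ("certType", "certURI", "keyURI", "certPW",
                "pkcs11Lib", "token", "userpin", "id")


def certificate_xml(**fields):
    """Build the <Certificate> XML string passed to -cert / -target."""
    unknown = set(fields) - set(KNOWN_FIELDS)
    if unknown:
        raise ValueError(f"unexpected element(s): {sorted(unknown)}")
    # Fixed element order; escape &, < and > so a password or path
    # cannot terminate its element or inject a new one.
    body = "".join(f"<{name}>{escape(str(fields[name]))}</{name}>"
                   for name in KNOWN_FIELDS if name in fields)
    return f"<Certificate>{body}</Certificate>"


def conv_argv(version, source_xml, target_xml, exe="igwCertUtil"):
    """argv for the -conv form shown on this page, one list item per argument."""
    return [exe, "-version", version, "-conv",
            "-cert", source_xml, "-target", target_xml]


def convert_p12_to_pem(version, p12_path, p12_password, cert_out, key_out):
    """Run the conversion without a shell, so no quoting layer touches the XML."""
    source = certificate_xml(certType="p12", certURI=p12_path, certPW=p12_password)
    target = certificate_xml(certType="pem", certURI=cert_out, keyURI=key_out)
    # Precaution added here (POSIX): files created by the child process,
    # including the key file named in keyURI, are owner-only.
    old_umask = os.umask(0o077)
    try:
        return subprocess.run(conv_argv(version, source, target)).returncode
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    # Constructed sample values; the password comes from the environment
    # (hypothetical variable name) instead of being written into a script.
    rc = convert_p12_to_pem("4.6.0.0", "testCert.p12",
                            os.environ.get("P12_PASSWORD", ""),
                            "testCert.cer", "testCert.key")
    print("igwCertUtil exit code:", rc)
```

The password is still passed in the process argument list, because that is where the documented -cert parameter takes it.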

Initialize the CA EEM SDK in FIPS-only Mode

The CA EEM SDK can be initialized in FIPS-only mode by configuring the eiam.config file. To configure the eiam.config file, see the chapter "Configuring CA EEM SDK."

More information:

Before You Configure CA EEM Java SDK in FIPS-only Mode

Configure CA EEM C++ SDK in FIPS-only Mode

Configure CA EEM C# SDK in FIPS-only Mode