PKI 9 Tools

From Dogtag
Revision as of 02:38, 17 June 2021 by Edewata (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Java Tools

The 'pki-java-tools' and 'pki-java-tools-javadoc' packages are now a part of the 'pki-core' source package.

Command Line Utility Purpose
AtoB A command line utility utilized to convert an ASCII BASE 64 blob into a BINARY BASE 64 blob.
AuditVerify A command line utility utilized to verify signatures in signed audit log files.
BtoA A command line utility utilized to convert a BINARY BASE 64 blob into an ASCII BASE 64 blob.
CMCEnroll A command line utility used to sign a certificate enrollment request with an agent's certificate.
CMCRequest A command line utility used to construct a Certificate Management Messages over CMS (CMC) request.
CMCResponse A command line utility used to parse a CMC response.
CMCRevoke A command line utility used to sign a revocation request with an agent's certificate.
CRMFPopClient A command line utility used to generate CRMF requests with proof of possession (POP).
DRMTool A command line utility that can be used to rewrap user's private archived keys using a new, generally stronger, private DRM storage key, and/or can be used to renumber DRM ldif records.
DRMTool.cfg The configuration file utilized by the DRMTool command line utility.
ExtJoiner <ext_file0> . . . <ext_file9> A command line utility utilized to join a sequence of extensions together so that the final output can be used in the configuration wizard for specifying extra extensions in default certificates (i. e. - CA certificate, SSL certificate).
GenExtKeyUsage [true|false] <OID_1> . . . <OID_9> A command line utility utilized to generate a DER-encoded Extended Key Usage extension. The first parameter is the criticality of the extension, true or false. The OIDs to be included in the extension are passed as command-line arguments. The OIDs are described in RFC 2459. For example, the OID for code signing is 1.3.6.1.5.5.7.3.3.
GenIssuerAltNameExt <general_type0> <general_name0> . . . <general_type3> <general_name3> A command line utility utilized to generate an issuer alternative name extension in base-64 encoding. The encoding output can be used with the configuration wizard, where:
  • <general_type#> can be one of the following strings:
    • DNSName
    • EDIPartyName
    • IPAddressName
    • URIName
    • RFC822Name
    • OIDName
    • X500Name
  • <general_name#> is a string
GenSubjectAltNameExt <general_type0> <general_name0> . . . <general_type3> <general_name3> A command line utility utilized to generate a subject alternative name extension in base-64 encoding. The encoding output can be used with the configuration wizard, where:
  • <general_type#> can be one of the following strings:
    • DNSName
    • EDIPartyName
    • IPAddressName
    • URIName
    • RFC822Name
    • OIDName
    • X500Name
  • <general_name#> is a string
HttpClient A command line utility used to communicate with any http/https server.
OCSPClient A command line utility that verifies certificate status by submitting Online Certificate Status Protocol (OCSP) requests to an instance of an OCSP subsystem. A command line utility that generates a Public Key Cryptography Standards (PKCS) #10 enrollment request.
PKCS10Client A command line utility which generates a 1024-bit RSA key pair in the security database, constructs a PKCS#10 certificate request with the public key, and outputs the request to a file.
PKCS12Export A command line utility utilized to create PKCS12 file.
PrettyPrintCert <input file> [output file] A command line utility utilized to print the contents of a certificate stored as an ASCII BASE 64 encoded blob in a user-friendly manner.
PrettyPrintCrl <input file> [output file] A command line utility utilized to print the contents of a Certificate Revocation List (CRL) stored as an ASCII BASE 64 encoded blob in a user-friendly manner.
TokenInfo A command line utility utilized to display all external HSMs visible to JSS.

Native Tools

The 'pki-native-tools' package is now a part of the 'pki-core' source package.

Command Line Utility Purpose
p7tool A command line tool used to display/process PKCS 7 content.
revoker A command line tool which may be conveniently utilized to automate user management scripts used to revoke certificates.
setpin A command line tool utilized to enable Dogtag Certificate System to utilize PIN-based authentication.
setpin.conf The configuration file utilized by the setpin command line utility.
sslget A command line tool similar to the wget command, which downloads files over HTTP. The sslget command line tool supports client authentication using NSS libraries, and the configuration wizard uses this utility to retrieve security domain information from the CA.
tkstool A command line tool utilized to construct DES 2 symmetric keys utilized in conjunction with the Dogtag Certificate System Token Key Service subsystem.

NOTE: As of PKI 9.0, the 'bulkissuance' tool has been 'discontinued'!