PKI 1 Tools

From Dogtag

Java Tools

Command Line Utility Purpose
AtoB A command line utility utilized to convert an ASCII BASE 64 blob into a BINARY BASE 64 blob.
AuditVerify A command line utility utilized to verify signatures in signed audit log files.
BtoA A command line utility utilized to convert a BINARY BASE 64 blob into an ASCII BASE 64 blob.
CMCEnroll A command line utility used to sign a certificate enrollment request with an agent's certificate.
CMCRequest A command line utility used to construct a Certificate Management Messages over CMS (CMC) request.
CMCResponse A command line utility used to parse a CMC response.
CMCRevoke A command line utility used to sign a revocation request with an agent's certificate.
CRMFPopClient A command line utility used to generate CRMF requests with proof of possession (POP).
ExtJoiner <ext_file0> . . . <ext_file9> A command line utility utilized to join a sequence of extensions together so that the final output can be used in the configuration wizard for specifying extra extensions in default certificates (i.e., CA certificate, SSL certificate).
GenExtKeyUsage [true|false] <OID_1> . . . <OID_9> A command line utility utilized to generate a DER-encoded Extended Key Usage extension. The first parameter is the criticality of the extension, true or false. The OIDs to be included in the extension are passed as command-line arguments. The OIDs are described in RFC 2459. For example, the OID for code signing is 1.3.6.1.5.5.7.3.3.
GenIssuerAltNameExt <general_type0> <general_name0> . . . <general_type3> <general_name3> A command line utility utilized to generate an issuer alternative name extension in base-64 encoding. The encoding output can be used with the configuration wizard, where:
  • <general_type#> can be one of the following strings:
    • DNSName
    • EDIPartyName
    • IPAddressName
    • URIName
    • RFC822Name
    • OIDName
    • X500Name
  • <general_name#> is a string
GenSubjectAltNameExt <general_type0> <general_name0> . . . <general_type3> <general_name3> A command line utility utilized to generate a subject alternative name extension in base-64 encoding. The encoding output can be used with the configuration wizard, where:
  • <general_type#> can be one of the following strings:
    • DNSName
    • EDIPartyName
    • IPAddressName
    • URIName
    • RFC822Name
    • OIDName
    • X500Name
  • <general_name#> is a string
HttpClient A command line utility used to communicate with any http/https server.
OCSPClient A command line utility that verifies certificate status by submitting Online Certificate Status Protocol (OCSP) requests to an instance of an OCSP subsystem. A command line utility that generates a Public Key Cryptography Standards (PKCS) #10 enrollment request.
PKCS12Export A command line utility utilized to create a PKCS12 file.
PrettyPrintCert <input file> [output file] A command line utility utilized to print the contents of a certificate stored as an ASCII BASE 64 encoded blob in a user-friendly manner.
PrettyPrintCrl <input file> [output file] A command line utility utilized to print the contents of a Certificate Revocation List (CRL) stored as an ASCII BASE 64 encoded blob in a user-friendly manner.
TokenInfo A command line utility utilized to display all external HSMs visible to JSS.

Native Tools

Command Line Utility Purpose
bulkissuance A command line utility utilized to send either a KEYGEN or CRMF enrollment request to the bulk issuance interface for the automatic creation of certificates.
bulkissuance.data An example data file for use with the bulkissuance tool.
revoker A command line tool which may be conveniently utilized to automate user management scripts used to revoke certificates.
setpin A command line tool utilized to enable Dogtag Certificate System to utilize PIN-based authentication.
setpin.conf The configuration file utilized by the setpin command line utility.
tkstool A command line tool utilized to construct DES 2 symmetric keys utilized in conjunction with the Dogtag Certificate System Token Key Service subsystem.