PeopleSoft PSKeyManager Commands
PeopleSoft PSKeyManager is a wrapper to Sun's keytool for managing keys and certificates.
PSKeyManager is used to generate private keys, import certificates and perform a few more function. This article aims to document the syntax of several pskeymanager commands and their syntax.
More...
PSKeyManager Usage Syntax
| -create | Create a new private key and certificate signing request. [-verbose] [-alias 'alias for cert'] [-keystore 'keystore to use'] [-keypass 'private key password'] [-storepass 'keystore password'] [-keysize 'keysize'] [-validity 'number of days cert if valid'] [-keyalg 'algorithm to use'] [-sigalg 'signing algorithm to use'] [file 'CSR export file'] |
|---|---|
| -import | Import a certificate [-verbose] [-alias 'alias for cert'] [-keystore 'keystore to use'] [-keypass 'private key password'] [-storepass 'keystore password'] [-trustcacerts] [file 'cert file to import'] |
| -export | Export a certificate [-verbose] [-ascii] [-alias 'alias for cert'] [-keystore 'keystore to use'] [-storepass 'keystore password'] [file 'export to'] |
| -certreq | Export a copy of a certificate request [-alias 'alias for cert'] [-keystore 'keystore to use'] [-storepass 'keystore password'] [file 'export to'] [-sigalg 'signing algorithm to use'] |
| -delete | Delete a certificate [-verbose] [-alias 'alias for cert'] [-keystore 'keystore to use'] [-storepass 'keystore password'] |
| -list | List a certificate or entire keystore [-verbose or -ascii] [-alias 'alias for cert'] [-keystore 'keystore to use'] [-storepass 'keystore password'] |
| -previewfilecert | Preview the contents of a certificate file. [-verbose ] [-file 'cert file'] |
| -changeprivatekeypassword | Change the password for private key. [-verbose] [-alias alias] [-new 'new password'] [-keypass 'current keypass'] [-keystore 'keystore'] [-storepass 'current storepass'] |
| -changekeystorepassword | Change the password for a certificate or keystore. [-verbose] [-new 'new password'] [-keystore 'keystore'] [-storepass 'current storepass'] |
Creating a new set of certificates;
Execute './pskeymanager.sh -create'
a. For the alias, simply specify a logical name for this certificate.
Generally some form the server name is used. The actual name of
is only used to reference this certificate in the keystore, it is
not used in the URL and does not need to match the server name.
b. For server certificate, specify the server's name as it will be
accessed in a URL. For example, if the server will be accessed by
a URL of 'crm.peoplesoft.com', then specify 'crm.peoplesoft.com' as
the common name. The common name is what must be used in the URL.
c. Specify your organization name, organization division, city, state
and two letter country code.
d. To specify a specify a unique password for this certificate, enter
one at the prompt. THIS IS RECOMMENDED. Remember this password,
you will need to specify it in WebLogic's console when you reference
this certificate.
e. Send the Certificate Signing Request (CSR) that is produced to your
Certificate Authority (CA). They will generate a signed cerificate
for you and also provide you with the public certificate of the root
CA which signed your certificate. You will need to import these two
certificates into your keystore. Import the root CA first.
Import a certificate;
Execute './pskeymanager.sh -import'
a. To import a CA's root certificate, specify the CA name as the alias.
To import a certificate that a CA has signed for your server (based
on the CSR you provided to that CA), specify the same alias name
which you indicated when you generated the CSR.
b. When prompted specify the path to the cert file to import.
View the chatacteristics of a certificate or CSR IN your keystore;
Execute './pskeymanager.sh -list -verbose [-alias 'cert_alias_to_view]
To view the characteristics of a specific cert, specify it's alias
on the command line, otherwise all certs will be listed.
View the chatacteristics of a certificate file NOT in your keystore;
Execute './pskeymanager.sh -previewfilecert [-v]
