PeopleSoft PSKeyManager Commands | PeopleSoft Tutorial

PeopleSoft PSKeyManager Commands

PeopleSoft PSKeyManager is a wrapper to Sun's keytool for managing keys and certificates.

PSKeyManager is used to generate private keys, import certificates and perform a few more function. This article aims to document the syntax of several pskeymanager commands and their syntax.


PSKeyManager Usage Syntax

-createCreate a new private key and certificate signing request.
[-verbose] [-alias 'alias for cert'] [-keystore 'keystore to use']
[-keypass 'private key password'] [-storepass 'keystore password']
[-keysize 'keysize'] [-validity 'number of days cert if valid']
[-keyalg 'algorithm to use'] [-sigalg 'signing algorithm to use']
[file 'CSR export file']
-importImport a certificate
[-verbose] [-alias 'alias for cert'] [-keystore 'keystore to use']
[-keypass 'private key password'] [-storepass 'keystore password']
[-trustcacerts] [file 'cert file to import']
-exportExport a certificate
[-verbose] [-ascii] [-alias 'alias for cert']
[-keystore 'keystore to use'] [-storepass 'keystore password']
[file 'export to']
-certreqExport a copy of a certificate request
[-alias 'alias for cert']
[-keystore 'keystore to use'] [-storepass 'keystore password']
[file 'export to'] [-sigalg 'signing algorithm to use']
-deleteDelete a certificate
[-verbose] [-alias 'alias for cert']
[-keystore 'keystore to use'] [-storepass 'keystore password']
-listList a certificate or entire keystore
[-verbose or -ascii] [-alias 'alias for cert']
[-keystore 'keystore to use'] [-storepass 'keystore password']
-previewfilecert Preview the contents of a certificate file.
[-verbose ] [-file 'cert file']
-changeprivatekeypassword Change the password for private key.
[-verbose] [-alias alias] [-new 'new password']
[-keypass 'current keypass'] [-keystore 'keystore']
[-storepass 'current storepass']
-changekeystorepasswordChange the password for a certificate or keystore.
[-verbose] [-new 'new password']
[-keystore 'keystore'] [-storepass 'current storepass']

Creating a new set of certificates;

Execute './ -create'

a. For the alias, simply specify a logical name for this certificate.

Generally some form the server name is used. The actual name of

is only used to reference this certificate in the keystore, it is

not used in the URL and does not need to match the server name.

b. For server certificate, specify the server's name as it will be

accessed in a URL. For example, if the server will be accessed by

a URL of '', then specify '' as

the common name. The common name is what must be used in the URL.

c. Specify your organization name, organization division, city, state

and two letter country code.

d. To specify a specify a unique password for this certificate, enter

one at the prompt. THIS IS RECOMMENDED. Remember this password,

you will need to specify it in WebLogic's console when you reference

this certificate.

e. Send the Certificate Signing Request (CSR) that is produced to your

Certificate Authority (CA). They will generate a signed cerificate

for you and also provide you with the public certificate of the root

CA which signed your certificate. You will need to import these two

certificates into your keystore. Import the root CA first.

Import a certificate;

Execute './ -import'

a. To import a CA's root certificate, specify the CA name as the alias.

To import a certificate that a CA has signed for your server (based

on the CSR you provided to that CA), specify the same alias name

which you indicated when you generated the CSR.

b. When prompted specify the path to the cert file to import.

View the chatacteristics of a certificate or CSR IN your keystore;

Execute './ -list -verbose [-alias 'cert_alias_to_view]

To view the characteristics of a specific cert, specify it's alias

on the command line, otherwise all certs will be listed.

View the chatacteristics of a certificate file NOT in your keystore;

Execute './ -previewfilecert [-v]

Apurva Tripathi