IBM InfoSphere Streams Version 4.1.0

streamtool updatecertificate

The streamtool updatecertificate command updates a client certificate in the web management service truststore.

Usage

updatecertificate

>>- --clientid--clientid--+-----------------------+------------->
                          '-+- -d----------+--did-'   
                            '- --domain-id-'          

>--+- -f-----+--pathname--+---------+--+-----------------+------>
   '- --file-'            +- -h-----+  '- --trace--level-'   
                          '- --help-'                        

>--+---------------------+--+-----------------------+----------->
   '-+- -U-----+--userid-'  '-+- -v--------+--level-'   
     '- --User-'              '- --verbose-'            

>--| Non-interactive tool options |----------------------------><

Non-interactive tool options

    (1)                                    
|--------+-----------------------------+------------------------|
         +- --embeddedzk---------------+   
         |               .-,---------. |   
         |               V           | |   
         '- --zkconnect----host:port-+-'   

Notes:
  1. The non-interactive tool options are not supported in the interactive streamtool interface.

Authority

You must have write authority for the config domain object. By default, the DomainAdministrator role has this authority. For more information about access control lists, see streamtool getdomainacl.

Description

If you configure client authentication, only trusted clients can connect to the web management service. All of the tools and interfaces that access the web management service must identify themselves by using a certificate that matches information in the web management service client truststore. The web management service uses the distinguished name (DN) information in the client certificate to identify users who are authorized to connect.

You might run this command when a user has a new client certificate, for example because their old certificate was nearing its expiration date. This command replaces the user's old certificate in the truststore with the new certificate that you specify in the -f or --file option.

The certificate is usable after the web management service is restarted. For more information, see the streamtool restartdomainservice command.
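
A pre-flight check for the replacement described above, added here as an example; it is not part of the product documentation or IBM's code. It assumes `openssl` is installed and that the certificate file is in a form `openssl x509` can parse. The function names, the 7-day validity threshold, and the `STREAMTOOL` override variable are hypothetical.

```shell
#!/bin/sh
# Added example: verify a replacement client certificate before it is
# written to the web management service truststore.

# check_client_cert FILE [MIN_SECONDS_VALID]
# Prints the subject DN and expiry date. Return codes:
#   1 = file unreadable, 2 = not a parseable X.509 certificate,
#   3 = expires within MIN_SECONDS_VALID, 4 = openssl not installed.
check_client_cert() {
    cert=$1
    min_valid=${2:-604800}   # assumption: require at least 7 days of validity
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }
    command -v openssl >/dev/null 2>&1 \
        || { echo "openssl not found" >&2; return 4; }
    # The subject DN is what the web management service uses to identify
    # the user, so show it to the operator before the truststore changes.
    openssl x509 -in "$cert" -noout -subject -enddate 2>/dev/null \
        || { echo "$cert is not a parseable X.509 certificate" >&2; return 2; }
    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1 \
        || { echo "$cert expires within $min_valid seconds" >&2; return 3; }
}

# update_client_cert CLIENT_ID FILE [DOMAIN_ID]
# Runs the check, then streamtool updatecertificate with the options
# documented on this page. STREAMTOOL is a hypothetical override for dry runs.
update_client_cert() {
    client_id=$1
    cert=$2
    domain=${3:-${STREAMS_DOMAIN_ID:-StreamsDomain}}
    check_client_cert "$cert" || return
    "${STREAMTOOL:-streamtool}" updatecertificate \
        --clientid "$client_id" -d "$domain" -f "$cert"
}
```

The new certificate still takes effect only after the web management service is restarted.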

Options and arguments

--clientid client-id
Specifies a unique identifier for the client certificate or the CA certificate.
-d, --domain-id did
Specifies the domain identifier.

If you do not specify this option, InfoSphere® Streams uses the domain name that is set in the STREAMS_DOMAIN_ID environment variable. By default, that domain name is StreamsDomain. If you are using the interactive streamtool interface, it uses the name of the active domain for the current streamtool session or else it prompts you for the domain name.

The active domain for the current streamtool session is set every time that you successfully run a streamtool command with a -d or --domain-id option. Alternatively, you can run the streamtool domain command in the interactive interface.

--embeddedzk

Specifies to use the embedded copy of ZooKeeper. This option is not supported within the interactive streamtool interface.

If you are not using the interactive streamtool interface and you do not specify either this option or the --zkconnect option, InfoSphere Streams uses the ZooKeeper connection that is associated with the active domain or the domain that is specified in the --domain-id option. InfoSphere Streams determines which connection maps to the domain by using cached information about the domains. In this scenario, if the domain identifier is not unique in the InfoSphere Streams configuration cache, the command fails.

-f, --file file-name
Specifies the file path of the certificate. The path can be an absolute or relative path.
-h, --help
Specifies to show the command syntax.
--trace level
Specifies the trace setting. The following valid levels are listed in order of increasing verbosity, which is to say that the first level in the list generates the least amount of information:
  • off
  • error
  • warn
  • info
  • debug
  • trace
The default value is off.
-U, --User userid
Specifies an InfoSphere Streams user ID that has authority to run the command.
-v, --verbose level
Specifies to provide more detailed command output. The verbosity level can be from 0 to 3 where each increment provides more detailed output.
--zkconnect host:port

The name of one or more host and port pairs that specify the configured ZooKeeper servers. This option is not supported within the interactive streamtool interface.

If you are not using the interactive streamtool interface and you do not specify this option, InfoSphere Streams tries to use:
  1. The --embeddedzk option
  2. The value from the STREAMS_ZKCONNECT environment variable
  3. A ZooKeeper connection string that is derived from cached information about the current domain.