runmqckm and runmqakm options
A table of the runmqckm and runmqakm options that can be present on the command line.
The digital signature algorithm names SHA3WithRSA and SHA5WithRSA are deprecated because they are an abbreviated form of SHA384WithRSA and SHA512WithRSA respectively.
The meaning of an option can depend on the object and action specified in the command.
Option | Description |
---|---|
-create | Option to create a key database. |
-crypto | Name of the module to manage a PKCS #11 cryptographic device. The value after -crypto is optional if you specify the module name in the properties file. If you are using certificates or keys stored on PKCS #11 cryptographic hardware, note that iKeycmd and iKeyman are 32-bit programs. External modules required for PKCS #11 support will be loaded into a 32-bit process, therefore you must have a 32-bit PKCS #11 library installed for the administration of cryptographic hardware, and must specify this library to iKeycmd or iKeyman. The HP Itanium platform is the only exception, as the iKeyman program is 64-bit on the HP Itanium platform. |
-db | Fully qualified path name of a key database. |
-default_cert | Sets a certificate as the default certificate. The value can be yes or no. The default is no. |
-dn | X.500 distinguished name. The value is a string enclosed in double quotation marks, for example . Note that the CN, O, and C attributes are required. Note: Avoid using multiple OU attributes in distinguished names when you create self-signed certificates. When you create such certificates, only the last entered OU value is accepted into the certificate. |
-encryption | Strength of encryption used in certificate export command. The value can be strong or weak. The default is strong. |
-expire | Expiration time in days of either a certificate or a database password. The default is 365 days for a certificate password. There is no default time for a database password: use the -expire option to set a database password expiration time explicitly. |
-file | File name of a certificate or certificate request. |
-format | Format of a certificate. The value can be ascii for Base64_encoded ASCII or binary for Binary DER data. The default is ascii. |
-label | Label attached to a certificate or certificate request. |
-new_format | New format of key database. |
-new_label | Used on a certificate import command, this option allows a certificate to be imported with a different label from the label it had in the source key database. |
-new_pw | New database password. |
-old_format | Old format of key database. |
-pw | Password for the key database or PKCS #12 file. |
-secondaryDB | Name of a secondary key database for PKCS #11 device operations. |
-secondaryDBpw | Password for the secondary key database for PKCS #11 device operations. |
-showOID | Displays the full certificate or certificate request. |
-sig_alg | The hashing algorithm used during the creation of a certificate request, a self-signed certificate, or the signing of a certificate. This hashing algorithm is used to create the signature associated with the newly-created certificate or certificate request. For runmqckm, the value can be MD2_WITH_RSA, MD2WithRSA, MD5_WITH_RSA, MD5WithRSA, SHA1WithDSA, SHA1WithRSA, SHA256_WITH_RSA, SHA256WithRSA, SHA2WithRSA, SHA384_WITH_RSA, SHA384WithRSA, SHA512_WITH_RSA, SHA512WithRSA, SHA_WITH_DSA, SHA_WITH_RSA, SHAWithDSA, or SHAWithRSA. The default value is SHA1WithRSA. For runmqakm, the value can be md5, MD5_WITH_RSA, MD5WithRSA, SHA_WITH_DSA, SHA_WITH_RSA, sha1, SHA1WithDSA, SHA1WithECDSA, SHA1WithRSA, sha224, SHA224_WITH_RSA, SHA224WithDSA, SHA224WithECDSA, SHA224WithRSA, sha256, SHA256_WITH_RSA, SHA256WithDSA, SHA256WithECDSA, SHA256WithRSA, SHA2WithRSA, sha384, SHA384_WITH_RSA, SHA384WithECDSA, SHA384WithRSA, sha512, SHA512_WITH_RSA, SHA512WithECDSA, SHA512WithRSA, SHAWithDSA, SHAWithRSA, EC_ecdsa_with_SHA1, EC_ecdsa_with_SHA224, EC_ecdsa_with_SHA256, EC_ecdsa_with_SHA384, or EC_ecdsa_with_SHA512. The default value is SHA1WithRSA. |
-size | Key size. For runmqckm, the value can be 512, 1024, or 2048. The default value is 1024 bits. For runmqakm, the value depends upon the signature algorithm: |
-stash | Stash the key database password to a file. |
-target | Destination file or database. |
-target_pw | Password for the key database if -target specifies a key database. |
-target_type | Type of database specified by -target operand. See -type option for permitted values. |
-tokenLabel | Label of a PKCS #11 cryptographic device. |
-trust | Trust status of a CA certificate. The value can be enable or disable. The default is enable. |
-type | Type of database. The value can be: |
-x509version | Version of X.509 certificate to create. The value can be 1, 2, or 3. The default is 3. |
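
The table gives SHA1WithRSA as the -sig_alg default and 1024 bits as the runmqckm -size default, so a command that omits either option takes those values without saying so. The following is an added example, not IBM code: a shell function that lints the options of a certificate-creation command. The function name, the SHA-2 and 2048-bit policy, and the sample arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IBM code. Lints the options of a runmqckm/runmqakm command
# that creates a certificate or certificate request.
# Assumed policy: SHA-2 signature names only, RSA keys of at least 2048 bits.
# Prints one finding per line; prints nothing when the options pass.
audit_mqkm_opts() {
    sig_alg="" size="" encryption=""
    # Slide over the arguments as (option, value) pairs.
    while [ "$#" -gt 1 ]; do
        case "$1" in
            -sig_alg)    sig_alg=$2 ;;
            -size)       size=$2 ;;
            -encryption) encryption=$2 ;;
        esac
        shift
    done

    if [ -z "$sig_alg" ]; then
        # Per the table, an omitted -sig_alg means SHA1WithRSA.
        echo "sig_alg: omitted, default SHA1WithRSA applies"
        sig_alg=SHA1WithRSA
    else
        case "$sig_alg" in
            SHA3WithRSA|SHA5WithRSA)
                echo "sig_alg: $sig_alg is a deprecated abbreviation" ;;
            *224*|*256*|*384*|*512*|SHA2WithRSA) ;;
            *)  echo "sig_alg: $sig_alg is not on the SHA-2 allowlist" ;;
        esac
    fi

    # The 2048-bit floor is applied to RSA names only; EC and DSA sizes differ.
    case "$sig_alg" in
        *RSA*)
            if [ -z "$size" ]; then
                echo "size: omitted for an RSA key (runmqckm default is 1024)"
            elif [ "$size" -lt 2048 ] 2>/dev/null; then
                echo "size: $size-bit RSA key is below 2048"
            fi ;;
    esac

    if [ "$encryption" = "weak" ]; then
        echo "encryption: weak export encryption requested"
    fi
    return 0
}

# Constructed sample: audit_mqkm_opts -create -db /tmp/key.kdb -label demo -size 1024
```

Feed it only the arguments of commands that create key material; for other actions the missing -sig_alg and -size findings do not apply.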