IBM Key Certificate Management
The IBM® Key Certificate Management utilities help you manage security keys and certificates.
The Key Certificate Management utilities make up a set of packages that you can use to perform
the following tasks:
- Accessing keys and certificates that are stored in any format.
- Extracting information from a keystore, given a Subject Key Identifier (SKI) and a set of certificate generation APIs to create a self-signed certificate.
- Generating a CertificateRequest.
- Obtaining a certificate that is signed by a Certificate Authority (CA).
The Key Certificate Management utilities are used for the following operations:
- Generating a CertificateRequest, and submitting the request to a CA by using the Java™ Public Key Infrastructure (PKI) to sign a certificate and then receiving the signed certificate.
- Generating a PKCS10 request.
- Generating a self-signed Certificate.
- Revoking a signed certificate from a CA by using the Java PKI.
- Importing certificates from the input stream to the keystore or exporting certificates from the keystore to the output stream.
- Copying a keystore from one keystore format to another keystore format.
- Extracting information from a KeyStore, given an SKI.
The Subject Key Identifier is specified in RFC 3820, Section 4.2.1.2, http://www.faqs.org/rfcs/rfc3820.html.
The following topics provide examples on how to use the most common features of Key Certificate Management. For a complete listing of all the APIs, see Application programming reference.