java -cp RPT_HOME\jdk\jre\bin keytool.exe --store=file --passphrase=certificate-passphrase --add --remove --generate --cert=certificate-name --subject=subject-name --ca-store=store --ca-cert=ca-certificate-name --ca-passphrase=ca-certificate-passphrase --sign --self-sign --algorithm=algorithm {RSA | DSA} --list
If a value contains spaces, enclose the value in quotation marks. RPT_HOME is the typical installation directory. On Windows 7 64-bit, by default, it is located under C:\Program Files\IBM\SDP\jdk\jre\bin.| Option | Description |
|---|---|
| --store | Required if adding or removing a certificate. The file name of the Rational Certificate Store (RCS) file. If the specified certificate store does not have the RCS extension, this extension will be added. |
| --passphrase | Optional. The passphrase to place on the generated certificate. The default passphrase is default. |
| --add | Optional. Adds the certificate to the certificate store. Used with --generate, this generates a certificate and adds it to the certificate store. |
| --remove | Optional. Removes the certificate from the certificate store. This option cannot be used with the --add or --generate options. |
| --generate | Optional. Generates a certificate. Used with --add, this generates a certificate and adds it to the certificate store. |
| --cert | Required. The name of the certificate file to add, remove, or generate. If you are creating a certificate, the file name will be given the P12 extension. |
| --subject | Optional. The X.500 Distinguished Name for the certificate. If no subject is specified, a default subject will be provided. To learn more about subjects, see Digital certificate creation overview. |
| --ca-store | Required if signing a certificate. The file name of the Rational Certificate Store (RCS) file from which to retrieve the CA certificate. |
| --ca-cert | Required if signing a certificate. The name of the CA certificate file to use to sign another certificate. |
| --ca-passphrase | Required if signing a certificate. The passphrase for the CA certificate. |
| --sign | Optional. Signs the generated certificate using the specified CA certificate. This option cannot be used with --self-sign. |
| --self-sign | Optional. Self-sign the generated certificate. This option cannot be used with --sign. |
| --algorithm | Optional. This determines the encryption algorithm to use. The default is RSA. The options are RSA or DSA. |
| --list | Optional. This prints the names of all certificates in a certificate store to standard output. This list can be used to create a datapool. |
You now have a digital certificate store that you can use with tests. Because the KeyTool program has many options, you might want to create an alias or script file to use to invoke KeyTool.
You do not have to use the KeyTool command-line program to create a certificate store. It is possible to use existing PKCS#12 certificates with Rational Performance Tester. PKCS#12 certificates can be exported from a web browser. PKCS#12 certificates encode the private key within the certificate by means of a password.