                              Certificate System
                            Command Line Utilities


Command Line Utility                           Purpose
==============================================================================
AtoB <input file> <output file>                A command line utility utilized
                                               to convert an ASCII BASE 64
                                               blob into a BINARY BASE 64 blob.

AuditVerify                                    A command line utility utilized
                                               to verify signatures in signed
                                               audit log files.

BtoA <input file> <output file>                A command line utility utilized
                                               to convert a BINARY BASE 64
                                               blob into an ASCII BASE 64 blob.

bulkissuance                                   A command line utility utilized
                                               to send either a KEYGEN or CRMF
                                               enrollment request to the bulk
                                               issuance interface for the
                                               automatic creation of
                                               certificates.

bulkissuance.data                              An example data file for use
                                               with the bulkissuance tool.

CMCEnroll                                      A command line utility used to
                                               sign a certificate enrollment
                                               request with an agent's
                                               certificate.

CMCRequest                                     A command line utility used to
                                               construct a Certificate
                                               Management Messages over
                                               CMS (CMC) request.

CMCResponse                                    A command line utility used to
                                               parse a CMC response.

CMCRevoke                                      A command line utility used to
                                               sign a revocation request with
                                               an agent's certificate.

CRMFPopClient                                  A command line utility used to
                                               generate CRMF requests with
                                               proof of possession (POP).

KRATool -kratool_config_file                   A command line utility used to
        <path + kratool config file>           change the storage key used
        -source_ldif_file                      to wrap the symmetric key
        <path + source ldif file>              which is used to encrypt the
        -target_ldif_file                      user's private key.
        <path + target ldif file>              Optionally, this utility
        -log_file                              may also be used to re-index IDs
        <path + log file >                     associated with the various
        [-source_pki_security_database_path    records which may be useful
         <path to PKI source databases>        for KRA consolidation.
         -source_storage_token_name
         '<source token>'
         -source_storage_certificate_nickname
         '<source nickname>'
         -target_storage_certificate_file
         <path to target certificate file>
         [-source_pki_security_database_pwdfile
          <path + pwdfile>]]
        [-append_id_offset
         <numeric offset> ||
         -remove_id_offset
         <numeric offset>]
        [-source_kra_naming_context
          <source KRA naming context>]
        [-target_kra_naming_context
          <target KRA naming context>]
        [-process_requests_and_key_records_only]

ExtJoiner <ext_file0> . . . <ext_file9>        A command line utility utilized
                                               to join a sequence of extensions
                                               together so that the final
                                               output can be used in the
                                               configuration wizard for
                                               specifying extra extensions
                                               in default certificates
                                               (i. e. - CA  certificate,
                                                        SSL certificate).

GenExtKeyUsage [true|false]                    A command line utility utilized
               <OID_1> . . . <OID_9>           to generate a DER-encoded
                                               Extended Key Usage extension.
                                               The first parameter is the
                                               criticality of the extension,
                                               true or false.  The OIDs to be
                                               included in the extension are
                                               passed as command-line
                                               arguments.  The OIDs are
                                               described in RFC 2459.  For
                                               example, the OID for code
                                               signing is 1.3.6.1.5.5.7.3.3.

GenIssuerAltNameExt <general_type0>            A command line utility utilized
                    <general_name0>            to generate an issuer
                    . . .                      alternative name extension in
                    <general_type3>            base-64 encoding. The encoding
                    <general_name3>            output can be used with the
                                               configuration wizard, where:
                                                   <general_type#> can be one
                                                   of the following strings:
                                                       DNSName
                                                       EDIPartyName
                                                       IPAddressName
                                                       URIName
                                                       RFC822Name
                                                       OIDName
                                                       X500Name
                                                   <general_name#> is a string

GenSubjectAltNameExt <general_type0>           A command line utility utilized
                     <general_name0>           to generate a subject
                     . . .                     alternative name extension in
                     <general_type3>           base-64 encoding. The encoding
                     <general_name3>           output can be used with the
                                               configuration wizard, where:
                                                   <general_type#> can be one
                                                   of the following strings:
                                                       DNSName
                                                       EDIPartyName
                                                       IPAddressName
                                                       URIName
                                                       RFC822Name
                                                       OIDName
                                                       X500Name
                                                   <general_name#> is a string

HttpClient                                     A command line utility used
                                               to communicate with any
                                               http/https server.

OCSPClient                                     A command line utility that
                                               verifies certificate status by
                                               submitting Online Certificate
                                               Status Protocol (OCSP) requests
                                               to an instance of an OCSP
                                               subsystem.

PKCS10Client                                   A command line utility that
                                               generates a Public Key
                                               Cryptography Standards
                                               (PKCS) #10 enrollment
                                               request.

PKCS12Export                                   A command line utility utilized
                                               to create PKCS12 file.

PrettyPrintCert <input file> [output file]     A command line utility utilized
                                               to print the contents of a
                                               certificate stored as an ASCII
                                               BASE 64 encoded blob in a
                                               user-friendly manner.

PrettyPrintCrl <input file> [output file]      A command line utility utilized
                                               to print the contents of a
                                               Certificate Revocation List
                                               (CRL) stored as an ASCII
                                               BASE 64 encoded blob in a
                                               user-friendly manner.

revoker                                        A command line tool which may be
                                               conveniently utilized to
                                               automate user management scripts
                                               used to revoke certificates.

setpin                                         A command line tool utilized
                                               to enable Certificate
                                               System to utilize PIN-based
                                               authentication.

setpin.conf                                    The configuration file utilized
                                               by the setpin command line
                                               utility.

tkstool                                        A command line tool utilized
                                               to construct DES 2 symmetric
                                               keys utilized in conjunction
                                               with the Certificate
                                               System Token Key Service
                                               subsystem.

TokenInfo                                      A command line utility utilized
                                               to display all external HSMs
                                               visible to JSS.

