ThirdPartyCertificateTool commands and usage examples
The ThirdPartyCertificateTool is used to create a certificate signing request (CSR), import a certificate or private key, and export a certificate.
This tool can be used with both the internal (default) and external certificate authority (CA).
The tool is located in the Cognos® Analytics install_location/bin directory.
The sections in this topic provide descriptions of commands and usage examples for the ThirdPartyCertificateTool.
-help parameter
with the tool. For example, ThirdPartyCertificateTool.bat -helpThirdPartyCertificateTool commands
Use the following commands to specify the main operation mode for the tool.
- -c
- Creates a certificate signing request (CSR).
- -i
- Imports a certificate or a private key.
- -E
- Exports a certificate.
Use the following commands to specify the operation modifiers:
- -T
- Works with the trust store. Use only with the -i and -E commands.
- -e
- Works with the crypto identity.
Use the following commands to specify the information flags:
- -p
- Keystore password. If this command is not included, the default password is used.
- -a
- Key pair algorithm, which is either RSA (default) or ECC.
- -r
- CSR or certificate file location (depends on the operation mode).
- -t
- Certificate authority chain file. It can be PEM, binary PKCS#7 CA certificate chain, or a single DER-format CA certificate.
- -d
- The certificate distinguished name (DN), such as CN=product name, OU= unit, O=company, C=country.
- -w
- Private key source (PKCS#8, PKCS#12) password.
- -H
- Subject Alternative Name DNS names, such as DNS_host_1 [DNS_host_n]
- -I
- Subject Alternative Name IP addresses (IPv4, IPv6), such as IP_address_1 [IP_address_n].
- -j
- JRE certificates key store password. If this command is not included, the JRE certificates keystore default password is used.
- -k
- PKCS#8 private key file location.
- -K
- PKCS#12 private key and certificate authority chain file location.
- -M
- Subject Alternative Name e-mail addresses, such as email_1 [email_n].
ThirdPartyCertificateTool usage examples
This section contains examples of commands that you can run using the ThirdPartyCertificateTool.
The following list specifies the tasks that you can accomplish by using the ThirdPartyCertificateTool, and the related command syntax:
- Generate a certificate signing request
(CSR).
ThirdPartyCertificateTool.(bat|sh) -c -e [-p keystore_password] -a key_pair_algorithm -r path_to_cert_or_csr -d dn [-H subject_alternative_nameDns_name_dn] [-I subject_alternative_ip_addresses] [-M subject_alternative_email_addresses] - Import the crypto target
certificate.
ThirdPartyCertificateTool.(bat|sh) -i -e [-p keystore_password] -r path_to_cert_or_csr -t path_to_cert_chain - Import the trusted
certificate.
ThirdPartyCertificateTool.(bat|sh) -i -T [-p keystore_password] -r path_to_cert_or_csr - Import the crypto key using separate
entries.
ThirdPartyCertificateTool.(bat|sh) -i -e [-p keystore_password] -a key_pair_algorithm -r path_to_cert_or_csr -t path_to_cert_chain -w private_key_source_password -k path_to_PKCS#8 - Import the crypto key from
PKCS#12.
ThirdPartyCertificateTool.(bat|sh) -i -e [-p keystore_password] -a key_pair_algorithm -w private_key_source_password -K path_to_PKCS#12 - Export the CA
certificate.
ThirdPartyCertificateTool.(bat|sh) -E -T [-p keystore_password] -r path_to_cert_or_csrNote: If the built-in Cognos certificate authority (CA) is used, the export-Ecommand exports the certificate that was issued by the local CA. This might not be the latest CA certificate, if one was remotely regenerated and both local certificates are still valid. - Export the crypto
certificate.
ThirdPartyCertificateTool.(bat|sh) -E -e [-p keystore_password] -r path_to_cert_or_csr