Example console commands

Creating a grid root certificate

Command to create a new grid root certificate for the Grid called "demoGrid". The key size is set to 2048 bits using the default key algorithm and signature algorithm. The key will be valid from today until the 20th of November 2022. The keystore will be saved in the "ks folder":

            
-create=gridcert –gridkeystore <ks folder> -gridname demoGrid 
-gridpassword <password> -keysize 2048 –serial <unusedSerialNumber> –to 20221120
          

Creating a host certificate

Command to create a host certificate for the server demogrid.infor.com. The keystore is saved in the "ks folder". Default key size and algorithms are used.

            -create=hostcert -hostfqdn demogrid.infor.com -to YYYYMMDD –hostkeystore 
<ks folder> -hostname demogrid –gridkeystore <ks folder> -gridpassword 
<password> -gridname demoGrid  -serial <unusedSerialNumber> -address <IPAddress> -role grid-admin

          

Creating an SSL certificate

Command to create an SSL certificate for a server with multiple network interfaces (demogrid.infor.com using IP address 10.10.10.10 and extdemo.infor.com using IP address 172.30.10.10). The keystore is saved in the "ks folder". Default key size and algorithms are used.

Note that if the host FQDN value should be used to identify the server in the SSL handshake, it must be specified as an altname value as well.

            -create=sslcert -address 10.10.10.10 -address 172.30.10.10 -altname 
demogrid.infor.com -altname extdemo.infor.com -to YYYYMMDD -sslkeystore 
<ks folder> –gridkeystore <ks folder> -gridpassword <password> 
-gridname demoGrid -hostfqdn <hostFQDN>
            
          

Creating a client certificate

Command to create a client certificate for the user "MyID" with the roles "grid-admin" and "other-role". If the YYYYMMDD values were "20130601" and "20150615", the certificate would be valid from June 1st 2013 to June 1st 2015.

            -create=clientcert –clientkeystore <ks folder> -clientname MyID 
-clientpassword <password> -from <YYYYMMDD> -to <YYYYMMDD> -role grid-admin 
-role other-role –gridkeystore <ks folder> -gridpassword <password> 
-gridname demoGrid –serial <unusedSerialNumber>
            
          

Creating an SSL Certificate Signing Request

Command to create an SSL Certificate Signing Request. The CSR is written to the file <ks folder>/<hostname parameter>.csr.txt. The CSR can then be used in the external CA to get a signed certificate back.

            -create=certreq -address 10.10.10.10 -address 172.30.10.10 -altname 
demogrid.infor.com -altname extdemo.infor.com –hostname demogrid -sslkeystore <ks folder> 
-hostfqdn <hostFQDN> –serial <unusedSerialNumber>
            
          

Importing an externally signed certificate

Command to import an externally signed certificate. The <ks folder> must be the same path as was used during the create=certreq command.

            -import=sslcert -certfile <path to a file containing the signed certificate> -sslkeystore <ks folder>
            
          

Importing an externally signed certificate and the private key

Command to import an externally signed certificate and the corresponding private key.

            -import=sslkey -keyfile <key file path> -keypassword <key file password> -keystoretype=<pkcs12|bks|jks> -sslkeystore <directory path of https.ks>
          

Creating a symmetric key

Command to create a new symmetric key used for encryption of password properties. Note that changing the key will make any presently encrypted properties unusable. If the key needs to be changed, first export the properties, then re-import them.

            
-create=symkey -gridpassword <password> -gridname <gridName> -gridkeystore <ks folder> 
-symkeypath <ks folder> -hostkeystore <ks folder> -hostname <hostName>