Introduction
The certificate rollout with the command line client supports only the usage of the JS7 JOC Certificate Authority. Rollout of certificates generated with an external Certificate Authority are not supported.
Command Line Client
Parameters:
Parameter | Required | Description | Example |
---|---|---|---|
--help | Shows the help page, this option is exclusive and has no value. | ||
--token= | Yes | UUID of the token for a onetime authentication to JS7 JOC to receive the generated certificates. | --token=73bfc4b8-3f15-44b9-a75b-cdb44aec8f4b |
--subject-dn= | Yes | The SubjectDN to be used consisting of [CN, OU, O, L, S,C] where the current hostname has to be set as CN. | --subject-dn="CN=myControllerHostname, OU=development, O=SOS, L=Berlin, S=Berlin, C=DE" |
--san= | Yes | The subject alternative names(SAN) should be set with variation of the hostname e.g. including the domain part. The alternatives are separated by comma. | --san="myControllerHostname.sos, myControllerHostname, sp.sos, sp" |
--joc-uri= | Yes | URI of the JS7 JOC to receive the generated certificates from. | --joc-uri=https://joc-2-0-secondary:4443 |
--source-keystore= | No | Path of the Keystore holding the keys to connect to JS7 JOC over HTTPS. | --source-keystore=C:/sp/devel/js7/keys/sp-keystore.p12 |
--source-keystore-type= | No | Type of the keystore to connect to JS7 JOC over HTTPS. (PKCS12[default] and JKS are supported only) | --source-keystore-type=PKCS12 |
--source-keystore-pass= | No | Password for the keystore holding the keys to connect to JS7 JOC over HTTPS. | --source-keystore-pass="YourKeystorePassword" |
--source-keystore-entry-pass= | No | Password for the private key entry of the keystore holding the keys to connect to JS7 JOC over HTTPS. | --source-keystore-entry-pass="YourKeystoreEntryPassword" |
--source-truststore= | No | Truststore holding the trusted certificates to connect to JS7 JOC over HTTPS. | --source-truststore=C:/sp/devel/js7/keys/sp-truststore.p12 |
--source-truststore-type= | No | Type of the truststore to connect to JS7 JOC over HTTPS. (PKCS12[default] and JKS are supported only) | --source-truststore-type=PKCS12 |
--source-truststore-pass= | No | Password for the truststore holding the keys to connect to JS7 JOC over HTTPS. | --source-truststore-pass="YourTruststorePassword" |
--source-private-key= | No | Path to the private Key file used to connect to JS7 JOC over HTTPS. | --source-private-key=C:/sp/devel/js7/keys/sp/sp.key |
--source-certificate= | No | Path to the certificate file used to connect to JS7 JOC over HTTPS. | --source-certificate=C:/sp/devel/js7/keys/sp/sp.cer |
--source-ca-cert= | No | Path to the CA certificate file(s) used to connect to JS7 JOC over HTTPS. (Comma separated) | --source-ca-cert="C:/sp/devel/js7/keys/sp/sos_intermediate_ca.cer, C:/sp/devel/js7/keys/sp/sos_root_ca.cer" |
--target-keystore= | Yes | Keystore where the generated SSL certificates and keys should be stored. | --target-keystore=C:/sp/devel/js7/testing/CLI/controller/https-keystore.p12 |
--target-keystore-type= | No | Type of the keystore to store to. (PKCS12[default] and JKS are supported only) | --target-keystore-type=PKCS12 |
--target-keystore-pass= | No | Password for the keystore to store to. | --target-keystore-pass="YourKeystorePassword" |
--target-keystore-entry-pass= | No | Password for the private key/certificate entry of the target keystore holding the keys for mutual https. | --target-keystore-entry-pass="YourKeystoreEntryPassword" |
--target-truststore= | Yes | Truststore where the trusted ca certificate should be stored. | --target-truststore=C:/sp/devel/js7/testing/CLI/controller/https-truststore.p12 |
--target-truststore-type= | No | Type of the truststore to store to. (PKCS12[default] and JKS are supported only) | --target-truststore-type=PKCS12 |
--target-truststore-pass= | No | Password for the truststore to store to. |
|
--key-alias= | Yes | Alias used to store the certificate and its private key in the target keystore. | --key-alias="MyKeyAlias" |
--ca-alias= | Yes | Alias used to store the ca certificate in both, the target keystore and truststore. | --ca-alias="MyTrustedCertificateAlias" |