IKEYCMD command-line options overview
The following table shows each option that can be present on the command line. The options are listed as a complete group; however, their use is dependent on the object and action specified on the command line.
| Option | Description |
| -db | Fully qualified path name of a key database |
| -default_cert | Sets a certificate to be used as the default certificate for client authentication (yes or no). The default is no. |
| -dn | X.500 distinguished name. Input as a quoted
string of the following format (only CN, O, and C are required):
"CN=Jane Doe,O=IBM,OU=Java Development,L=Endicott, ST=NY,ZIP=13760,C=country" |
| -encryption | Strength of encryption used in certificate export command (strong or weak). The default is strong. |
| -expire | Expiration time of either a certificate or a database password (in days). Defaults are 365 days for a certificate and 60 days for a database password. |
| -file | File name of a certificate or certificate request (depending on specified object) |
| -format | Format of a certificate (either ascii for Base64_encoded ASCII or binary for Binary DER data). The default is ascii. |
| -label | Label attached to a certificate or certificate request |
| -new_format | New format of key database |
| -new_pw | New database password |
| -old_format | Old format of key database |
| -pw | Password for the key database or PKCS#12 file. See Creating a new key database. |
| -size | Key size (512 or 1024). The default is 1024. |
| -stash | Indicator to stash the key database password to a file. If specified, the password will be stashed in a file. |
| -target | Destination file or database. |
| -target_pw | Password for the key database if -target specifies a key database. See Creating a new key database. |
| -target_type | Type of database specified by -target operand (see -type). |
| -trust | Trust status of a CA certificate (enable or disable). The default is enable. |
| -type | Type of database. Allowable values are cms (indicates a CMS key database), jce (indicates Sun's proprietary Java Cryptography Extension), jceks (indicates Sun's proprietary Java Cryptography Extension Key Store), or pkcs12 (indicates a PKCS#12 file). |
| -x509version | Version of X.509 certificate to create (1, 2 or 3). The default is 3. |