orapki utility commands

 1) Create a wallet using below command

orapki wallet create -wallet client_wallet -auto_login -pwd "wallet password"

2) chmod 664 ewallet.p12

    chmod 664 cwallet.sso 

3) Convert jks file into wallet

orapki wallet jks_to_pcks12 -wallet client_wallet -pwd "wallet password" -keystore key.jks -jkspwd "wallet password"

ikeycmd commands for kdb database files

 1) Below command will display certificate details like expiry date in the kdb file keystore.kdb

ikeycmd -cert -details -label "Certificate name in KDB" -db keystore.kdb -pw "password of kdb file"

2) Below command will display list of certificates in kdb file

ikeycmd -cert  -list  -db keystore.kdb -pw "password of kdb file"

3) Below command will display ca certificates in kdb file

ikeycmd -cert  -list ca -db keystore.kdb -pw "password of kdb file"

4) Below command will display personal certificates in kdb file

ikeycmd -cert  -list personal -db keystore.kdb -pw "password of kdb file"

5) Below command will validate given certificate in kdb file

ikeycmd -cert  -validate -label  "Certificate name we need  to validate in KDB file" -db keystore.kdb -pw "password of kdb file"

6) Below command will display the default certificate in kdb file

ikeycmd -cert  -getdefault  -db keystore.kdb -pw "password of kdb file"

7) Below command will set the default certificate in kdb file. This will help to set default personal certificate if there are multiple certificates

ikeycmd -cert  -setdefault  -db keystore.kdb  -label "personal certificate name in KDB file"  -pw "password of kdb file"

8) Below command will import certificate into kdb file. 

ikeycmd -cert  -import -file  "Certificate file"   -pw "password of  the certificate file"   -type pkcs12 -label "personal certificate name to be in KDB file"  

-target_pw   "password of kdb file" -target_type CMS

9) Below command will help to delete certificate from kdb file. 

ikeycmd -cert  -delete -label  "Certificate name we need  to delete from KDB file" -db keystore.kdb -pw "password of kdb file" 

Keytool Commands

which keytool
The will display the default keytool path.

 1) keytool -list -cacerts
This will show cacerts in the server.

2) keytool -list -keystore cacerts

3) keytool --v list -keystore cacerts -storepassword "password"
This will show the certificate in verbose mode.

This will show keystore file. It will prompt for keystore password. You need to provide the password for keystore.


4) keytool --importcert -trustcacerts -noprompt -file "certificatename.cer" -cacerts -alias "certificatelabelname" -storepass "password of the file"
This will import the certificate into cacerts 

5) keytool --importkeystore -srckeystore "file.pfx" -srcstoretype pkcs12 -destkeystore "file.jks"-deststoretype JKS -srcstorepass "source keystore password" -deststorepass "destination key store password"
This will import pcks12 certificate that contains root and intermediate into jks format. 

5) keytool --importcert -alias "certificatename in targetfile" -file "file.crt" -keystore "file.jks" -storepass "password of store key password"
This will import new ca certificate into the jks file.

6) keytool  -printcert -file certificate.crt 

This will print the certificate of the file with certificate name , its validitiy and finger print.

7) keytool  -showinfo -tls

This will show the TLS version of the environment and chipers available in this.

8) keytool  -v -list -cacerts -alias "certificatename"

This will show the alias certificate name.

9) keytool -list -keystore -storetype pkcs12 -storepass "keystore password"

This will show the keystore in the server.

10) keytool -import -trustcacerts -alias "certificate alias name "-file C:\temp\mdeCert.cer -keystore cacerts

This will import the certificate into keystore.