install-cert <connect_options> [--echo|-e] [--no-prompt|-Q] [--verbose|-v] [--token|-t name] [--replace|-a] [--file-on-server|-f] [--token-pin|-P name] --config|-c config-name --cert-type|-y server|chain|ca --nickname|-n nickname cert-file
Use this command to install a certificate. Before you begin, you should have the certificate (DER) text from a certificate authority (CA). When you receive a certificate from the CA, it will be encrypted with your public key, which only you can decrypt. Web Server will use the key-pair file password you specify to decrypt the certificate when you install it.
For connect_options description, see help(1).
Specify this option to print this command on the standard output before executing. This option also prints the default value for all the non-mandatory options that you do not provide in the command.
If you specify this option, wadm will not prompt you for passwords while executing this command. Use this option if you have defined all passwords in a password file and specified the file using the --password-file connect_option.
Specify this option to display a verbose output.
Specify the token (cryptographic device), which contains the encrypted public key.
Specify the name of the configuration for which you are installing the certificate.
If you specify this option, the command replaces the existing certificate (if any).
--replace option of install-cert CLI is deprecated and currently using this option may not work as expected. For replacing a CA-signed certificate, users should delete the cert using delete-cert CLI and then install the new one using install-cert CLI.
Specify the type of certificates. The values can be server-cert, cert-chain, or trusted-ca.
server-cert — Indicates that the server will use the key-pair file password you specify to decrypt the certificate when you install it.
cert-chain — Allows the SSL connection to continue at the client's discretion when the client does not recognize the certificate's CA. Certificate chaining is the process of presenting your CA's certificate in addition to your own.
trusted-ca — Accepts the certificate of a CA as a trusted CA for client authentication.
If you specify this option, the command stores a copy of the certificate file on the server where you install the certificate.
Specify the nick name or the short name of the certificate.
Specify the Personal Identification Number (PIN) required to initialize the token. You can also define the token-pin in the password file.
wadm install-cert --user=admin --host=serverhost --port=8989 --ssl=true --prompt=false --rcfile=null --password-file=certdb.newpasswd --config=config1 --token=internal --cert-type=server --nickname=cert1 certbin.req
The following exit values are returned:
command executed successfully
error in executing the command