Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
# Copyright 2017-2024 Ping Identity Corporation
# All Rights Reserved.
#
# -----
#
# Copyright 2017-2024 Ping Identity Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# -----
#
# Copyright (C) 2017-2024 Ping Identity Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License (GPLv2 only)
# or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see .
# The fully-qualified name of the class to create.
class.name=com.unboundid.util.ssl.cert.CertMessages
ERR_CERT_ENCODE_ERROR=An error occurred while attempting to encode X.509 \
certificate {0} using the provided information: {1}
ERR_CERT_ENCODE_NAME_CANNOT_GET_SCHEMA=Unable to encoded DN ''{0}'' for \
inclusion in an encoded X.509 certificate because an error occurred while \
trying to get the default standard schema: {1}
ERR_CERT_ENCODE_NAME_UNKNOWN_ATTR_TYPE=Unable to encode DN ''{0}'' for \
inclusion in an encoded X.509 certificate because it includes attribute \
''{1}'' that is not defined in the default standard schema.
ERR_CERT_ENCODE_NAME_ERROR=Unable to encode DN ''{0}'' for inclusion in an \
encoded X.509 certificate: {1}
ERR_CERT_DECODE_NOT_SEQUENCE=Unable to decode the provided byte array \
as an X.509 certificate because the contents of the array could not be \
parsed as a DER sequence: {0}
ERR_CERT_DECODE_UNEXPECTED_SEQUENCE_ELEMENT_COUNT=Unable to decode the \
provided byte array as an X.509 certificate because the DER sequence \
contained {0,number,0}, which is different from the three elements \
(tbsCertificate, signatureAlgorithm, and signatureValue) that were expected.
ERR_CERT_DECODE_FIRST_ELEMENT_NOT_SEQUENCE=Unable to decode the provided \
byte array as an X.509 certificate because the first element of the DER \
sequence (expected to be the tbsCertificate element) could not itself be \
parsed as a DER sequence: {0}
ERR_CERT_DECODE_CANNOT_PARSE_VERSION=Unable to decode the provided byte \
array as an X.509 certificate because an error was encountered while trying \
to parse the X.509 certificate version as an integer: {0}
ERR_CERT_DECODE_UNSUPPORTED_VERSION=Unable to decode the provided byte array \
as an X.509 certificate because it appears to have a version number of \
{0,number,0}, which not a supported version. Only versions 1, 2, and 3 are \
supported.
ERR_CERT_DECODE_CANNOT_PARSE_SERIAL_NUMBER=Unable to decode the provided byte \
array as an X.509 certificate because an error was encountered while trying \
to parse the serial number as an integer: {0}
ERR_CERT_DECODE_CANNOT_PARSE_SIG_ALG=Unable to decode the provided byte \
array as an X.509 certificate because an error was encountered while trying \
to parse the signature algorithm: {0}
ERR_CERT_DECODE_CANNOT_PARSE_ISSUER_DN=Unable to decode the provided byte \
array as an X.509 certificate because an error was encountered while trying \
to parse the issuer DN: {0}
ERR_CERT_DECODE_NOT_BEFORE_UNEXPECTED_TYPE=Unable to decode the provided byte \
array as an X.509 certificate because the notBefore element had an \
unexpected BER type of {0}, which does not match the universal BER type for \
either a UTC time ({1}) or generalized time ({2}) element.
ERR_CERT_DECODE_NOT_AFTER_UNEXPECTED_TYPE=Unable to decode the provided byte \
array as an X.509 certificate because the notAfter element had an \
unexpected BER type of {0}, which does not match the universal BER type for \
either a UTC time ({1}) or generalized time ({2}) element.
ERR_CERT_DECODE_COULD_NOT_PARSE_VALIDITY=Unable to decode the provided byte \
array as an X.509 certificate because an error occurred while trying to \
parse the validity sequence: {0}
ERR_CERT_DECODE_CANNOT_PARSE_SUBJECT_DN=Unable to decode the provided byte \
array as an X.509 certificate because an error was encountered while trying \
to parse the subject DN: {0}
ERR_CERT_DECODE_CANNOT_PARSE_PUBLIC_KEY_INFO=Unable to decode the provided \
byte array as an X.509 certificate because an error occurred while trying \
to parse the subject public key info element: {0}
ERR_CERT_DECODE_CANNOT_PARSE_ISSUER_UNIQUE_ID=Unable to decode the provided \
byte array as an X.509 certificate because an error occurred while trying \
to parse the issuer unique ID element: {0}
ERR_CERT_DECODE_CANNOT_PARSE_SUBJECT_UNIQUE_ID=Unable to decode the provided \
byte array as an X.509 certificate because an error occurred while trying \
to parse the subject unique ID element: {0}
ERR_CERT_DECODE_CANNOT_PARSE_EXTENSION=Unable to decode the provided byte \
array as an X.509 certificate because an error occurred while trying to \
parse the set of certificate extensions: {0}
ERR_CERT_DECODE_SIG_ALG_MISMATCH=Unable to decode the provided byte array as \
an X.509 certificate because there is a mismatch between the signature \
algorithm contained in the tbsCertificate sequence ({0}) and the signature \
algorithm contained in the outer certificate sequence ({1}). These \
signature algorithms must match.
ERR_CERT_DECODE_CANNOT_PARSE_SIG_VALUE=Unable to decode the provided byte \
array as an X.509 certificate because an error occurred while trying to \
parse the signature value: {0}
ERR_CERT_GEN_SELF_SIGNED_CANNOT_GET_KEY_GENERATOR=Unable to get a key \
generator instance for the ''{0}'' public key algorithm: {1}
ERR_CERT_GEN_SELF_SIGNED_INVALID_KEY_SIZE=Unable to use a key size of \
{0,number,0} bits with the ''{1}'' key algorithm: {2}
ERR_CERT_GEN_SELF_SIGNED_CANNOT_GENERATE_KEY_PAIR=An error occurred while \
attempting to generate the {0,number,0}-bit {1} key pair for the \
certificate: {2}
ERR_CERT_GEN_SELF_SIGNED_CANNOT_PARSE_KEY_PAIR=An error occurred while \
attempting to parse the key pair to get the public key elements and \
construct a subject key identifier: {0}
ERR_CERT_GEN_ISSUER_SIGNED_CANNOT_GENERATE_KEY_ID=An error occurred while \
attempting to generate a subject key identifier for the certificate: {0}
ERR_CERT_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR=Unable to get a \
signature generator for the ''{0}'' signature algorithm: {1}
ERR_CERT_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR=Unable to initialize \
the ''{0}'' signature generator with the provided private key: {1}
ERR_CERT_GEN_SIGNATURE_CANNOT_COMPUTE=An error occurred while attempting to \
compute the ''{0}'' signature for the certificate: {1}
ERR_CERT_DECODE_NAME_NOT_SEQUENCE=An error occurred while trying to parse the \
name as an RDN sequence: {0}
ERR_CERT_DECODE_CANNOT_PARSE_NAME_SEQUENCE_ELEMENT=An error occurred while \
trying to parse RDN element {0,number,0} in the name sequence: {1}
ERR_CERT_VERIFY_SIGNATURE_ISSUER_CERT_NOT_PROVIDED=ERROR: Unable to verify \
the certificate signature because the certificate is not self-signed and no \
issuer certificate was provided.
ERR_CERT_VERIFY_SIGNATURE_CANNOT_GET_PUBLIC_KEY=ERROR: Unable to verify the \
certificate signature because an error occurred while attempting to get the \
public key from the issuer certificate: {0}
ERR_CERT_VERIFY_SIGNATURE_CANNOT_GET_SIGNATURE_VERIFIER=Unable verify the \
certificate signature because an error occurred while trying to get a \
signature verifier for the ''{0}'' signature algorithm: {1}
ERR_CERT_VERIFY_SIGNATURE_CANNOT_INIT_SIGNATURE_VERIFIER=Unable to initialize \
the ''{0}'' signature verifier with the issuer certificate''s public key: \
{1}
ERR_CERT_VERIFY_SIGNATURE_NOT_VALID=ERROR: Certificate ''{0}'' has an \
invalid signature.
ERR_CERT_VERIFY_SIGNATURE_ERROR=ERROR: An error occurred while attempting to \
verify the signature for certificate ''{0}'': {1}
ERR_CERT_CANNOT_COMPUTE_FINGERPRINT=An error occurred while trying to \
compute a {0} fingerprint of the certificate: {1}
INFO_CERT_IS_ISSUER_FOR_DN_MISMATCH=The certificate with subject DN ''{0}'' \
is not the issuer for certificate with subject DN ''{1}'' because that \
certificate has an issuer DN of ''{2}''.
INFO_CERT_IS_ISSUER_FOR_KEY_ID_MISMATCH=The certificate with subject DN \
''{0}'' is not the issuer for certificate with subject DN ''{1}'' because \
the authority key identifier for certificate ''{1}'' does not match the \
subject key identifier for certificate ''{0}''.
ERR_CSR_DECODE_NOT_SEQUENCE=Unable to decode the provided byte array \
as a PKCS #10 certificate signing request because the contents of the array \
could not be parsed as a DER sequence: {0}
ERR_CSR_DECODE_UNEXPECTED_SEQUENCE_ELEMENT_COUNT=Unable to decode the \
provided byte array as a PKCS #10 certificate signing request because the \
DER sequence contained {0,number,0}, which is different from the three \
elements (CertificationRequestInfo, SignatureAlgorithm, and Signature) that \
were expected.
ERR_CSR_DECODE_FIRST_ELEMENT_NOT_SEQUENCE=Unable to decode the provided \
byte array as a PKCS #10 certificate signing request because the first \
element of the DER sequence (expected to be the CertificationRequestInfo \
element) could not itself be parsed as a DER sequence: {0}
ERR_CSR_DECODE_CANNOT_PARSE_VERSION=Unable to decode the provided byte \
array as a PKCS #10 certificate signing request because an error was \
encountered while trying to parse the version element as an integer: {0}
ERR_CSR_DECODE_UNSUPPORTED_VERSION=Unable to decode the provided byte array \
as a PKCS #10 certificate signing request because it appears to have a \
version number of {0,number,0}, which not a supported version. Only \
versions 1 is supported.
ERR_CSR_DECODE_CANNOT_PARSE_SUBJECT_DN=Unable to decode the provided byte \
array as a PKCS #10 certificate signing request because an error was \
encountered while trying to parse the subject DN: {0}
ERR_CSR_DECODE_CANNOT_PARSE_PUBLIC_KEY_INFO=Unable to decode the provided \
byte array as a PKCS #10 certificate signing request because an error \
occurred while trying to parse the subject public key info element: {0}
ERR_CSR_DECODE_CANNOT_PARSE_ATTRS=Unable to decode the provided \
byte array as a PKCS #10 certificate signing request because an error \
occurred while trying to parse the request attributes: {0}
ERR_CSR_DECODE_CANNOT_PARSE_EXT_ATTR=Unable to decode the provided \
byte array as a PKCS #10 certificate signing request because an error \
occurred while trying to parse a request attribute with OID {0} as an X.509 \
certificate extension: {1}
ERR_CSR_DECODE_CANNOT_PARSE_SIG_ALG=Unable to decode the provided byte \
array as a PKCS #10 certificate signing request because an error was \
encountered while trying to parse the signature algorithm: {0}
ERR_CSR_DECODE_CANNOT_PARSE_SIG_VALUE=Unable to decode the provided byte \
array as a PKCS #10 certificate signing request because an error occurred \
while trying to parse the signature value: {0}
ERR_CSR_ENCODE_ERROR=An error occurred while attempting to encode PKCS #10 \
certificate signing request {0} using the provided information: {1}
ERR_CSR_GEN_CANNOT_PARSE_KEY_PAIR=An error occurred while attempting to parse \
the generated key pair to get the public key elements: {0}
ERR_CSR_GEN_SIGNATURE_CANNOT_GET_SIGNATURE_GENERATOR=Unable to get a \
signature generator for the ''{0}'' signature algorithm: {1}
ERR_CSR_GEN_SIGNATURE_CANNOT_INIT_SIGNATURE_GENERATOR=Unable to initialize \
the ''{0}'' signature generator with the provided private key: {1}
ERR_CSR_GEN_SIGNATURE_CANNOT_COMPUTE=An error occurred while attempting to \
compute the ''{0}'' signature for the certificate signing request: {1}
ERR_CSR_VERIFY_SIGNATURE_CANNOT_GET_PUBLIC_KEY=Unable to verify the \
certificate signing request signature because an error occurred while \
attempting to parse the request''s public key: {0}
ERR_CSR_VERIFY_SIGNATURE_CANNOT_GET_SIGNATURE_VERIFIER=Unable to verify the \
certificate signing request signature because an error occurred while \
attempting to get a signature verifier for the ''{0}'' signature \
algorithm: {1}
ERR_CSR_VERIFY_SIGNATURE_CANNOT_INIT_SIGNATURE_VERIFIER=Unable to verify the \
certificate signing request signature because an error occurred while \
attempting to initialize the ''{0}'' signature verifier with the request''s \
public key: {1}
ERR_CSR_VERIFY_SIGNATURE_NOT_VALID=ERROR: The certificate signing request \
with subject ''{0}'' has an invalid signature.
ERR_CSR_VERIFY_SIGNATURE_ERROR=ERROR: An error occurred while attempting to \
verify the signature for the certificate signing request with subject \
''{0}'': {1}
ERR_PRIVATE_KEY_DECODE_NOT_SEQUENCE=Unable to decode the provided byte array \
as a PKCS #8 private key because the contents of the array could not be \
parsed as a DER sequence: {0}
ERR_PRIVATE_KEY_DECODE_NOT_ENOUGH_ELEMENTS=Unable to decode the provided byte \
array as a PKCS #8 private key because the private key sequence only had \
{0,number,0} elements, while the sequence should have a minimum of three \
elements.
ERR_PRIVATE_KEY_DECODE_CANNOT_PARSE_VERSION=Unable to decode the provided \
byte array as a PKCS #8 private key because an error occurred while trying \
to parse the private key version: {0}
ERR_PRIVATE_KEY_DECODE_UNSUPPORTED_VERSION=Unable to decode the provided byte \
array as a PKCS #8 private key because it appears to have a version number \
of {0,number,0}, which is not a supported version. Only versions 1 and 2 \
are supported.
ERR_PRIVATE_KEY_DECODE_CANNOT_PARSE_ALGORITHM=Unable to decode the provided \
byte array as a PKCS #8 private key because an error occurred while trying \
to parse the private key algorithm: {0}
ERR_PRIVATE_KEY_DECODE_CANNOT_PARSE_PUBLIC_KEY=Unable to decode the provided \
byte array as a PKCS #8 private key because an error occurred while trying \
to parse the public key: {0}
ERR_PRIVATE_KEY_WRAP_RSA_KEY_ERROR=An error occurred while trying to wrap an \
RSA private key in a PKCS #8 private key envelope: {0}
ERR_PRIVATE_KEY_ENCODE_ERROR=An error occurred while trying to encode PKCS #8 \
private key {0}: {1}
ERR_EXTENSION_DECODE_ERROR=An error occurred while trying to decode an ASN.1 \
element as an X.509 certificate extension: {0}
ERR_EXTENSION_ENCODE_ERROR=Unable to encode X.509 certificate extension \
{0}: {1}
ERR_AUTHORITY_KEY_ID_EXTENSION_CANNOT_PARSE=Unable to parse the provided \
X.509 certificate extension {0} as an authority key identifier extension: \
{1}
INFO_AUTHORITY_KEY_ID_EXTENSION_NAME=Authority Key Identifier
ERR_KEY_USAGE_EXTENSION_CANNOT_PARSE=Unable to parse the provided X.509 \
certificate extension {0} as key usage extension: {1}
INFO_KEY_USAGE_EXTENSION_NAME=Key Usage
ERR_SUBJECT_KEY_ID_EXTENSION_CANNOT_PARSE=Unable to parse the provided X.509 \
certificate extension {0} as a subject key identifier extension: {1}
INFO_SUBJECT_KEY_IDENTIFIER_EXTENSION_NAME=Subject Key Identifier
ERR_GENERAL_NAMES_CANNOT_PARSE=Unable to parse the provided element as a \
general names element: {0}
ERR_GENERAL_NAMES_CANNOT_ENCODE=An error occurred while trying to encode \
general names element {0}: {1}
ERR_GENERAL_ALT_NAME_EXTENSION_CANNOT_PARSE=Unable to parse the provided \
X.509 certificate extension {0} as an extension of type {1}: {2}
INFO_SUBJECT_ALT_NAME_EXTENSION_NAME=Subject Alternative Name
INFO_ISSUER_ALT_NAME_EXTENSION_NAME=Issuer Alternative Name
ERR_BASIC_CONSTRAINTS_EXTENSION_CANNOT_PARSE=Unable to parse the provided \
X.509 certificate extension {0} as a basic constraints extension: {1}
INFO_BASIC_CONSTRAINTS_EXTENSION_NAME=Basic Constraints
ERR_EXTENDED_KEY_USAGE_EXTENSION_CANNOT_PARSE=Unable to parse the provided \
X.509 certificate extension {0} as an extended key usage extension: {1}
ERR_EXTENDED_KEY_USAGE_EXTENSION_CANNOT_ENCODE=An error occurred while trying \
to encode the value of an extended key usage extension with key usage IDs \
{0}: {1}
INFO_EXTENDED_KEY_USAGE_EXTENSION_NAME=Extended Key Usage
INFO_EXTENDED_KEY_USAGE_ID_TLS_SERVER_AUTHENTICATION=TLS Server Authentication
INFO_EXTENDED_KEY_USAGE_ID_TLS_CLIENT_AUTHENTICATION=TLS Client Authentication
INFO_EXTENDED_KEY_USAGE_ID_CODE_SIGNING=Code Signing
INFO_EXTENDED_KEY_USAGE_ID_EMAIL_PROTECTION=Email Protection
INFO_EXTENDED_KEY_USAGE_ID_TIME_STAMPING=Time Stamping
INFO_EXTENDED_KEY_USAGE_ID_OCSP_SIGNING=OCSP Signing
ERR_CRL_DP_UNRECOGNIZED_NAME_ELEMENT_TYPE=Unable to decode the provided ASN.1 \
element as a CRL distribution point because the distributionPoint element \
had a nested element with an unexpected DER type of {0}.
ERR_CRL_DP_CANNOT_DECODE=Unable to decode the provided ASN.1 element as a CRL \
distribution point: {0}
ERR_CRL_DP_ENCODE_CANNOT_GET_SCHEMA=Unable to encode CRL distribution point \
{0} because an error occurred while trying to get the default standard \
schema for use in encoding nameRelativeToCRLIssuer value ''{1}'': {2}
ERR_CRL_DP_ENCODE_UNKNOWN_ATTR_TYPE=Unable to encode CRL distribution point \
{0} because nameRelativeToCRLIssuer value ''{1}'' includes attribute type \
''{2}'' that is not defined in the default standard schema.
ERR_CRL_DP_ENCODE_ERROR=Unable to encode CRL distribution point {0} because \
an error occurred while trying to encode nameRelativeToCRLIssuer value \
''{1}'': {2}
ERR_CRL_DP_EXTENSION_CANNOT_PARSE=Unable to parse the provided X.509 \
certificate extension {0} as a CRL distribution points extension: {1}
INFO_CRL_DP_EXTENSION_NAME=CRL Distribution Points
ERR_RSA_PUBLIC_KEY_CANNOT_DECODE=Unable to decode the X.509 certificate \
public key as an RSA public key: {0}
ERR_RSA_PRIVATE_KEY_UNSUPPORTED_VERSION=Unable to decode the PKCS #8 private \
key as an RSA private key because it has an unsupported version of \
{0,number,0}. Only versions 0 and 1 are supported.
ERR_RSA_PRIVATE_KEY_CANNOT_DECODE=Unable to decode the PKCS #8 private key \
as an RSA private key: {0}
ERR_EC_PUBLIC_KEY_PARSE_UNEXPECTED_UNCOMPRESSED_FIRST_BYTE=Unable to decode \
the X.509 certificate public key as an elliptic curve public key because \
the public key has a size of {0,number,0} bytes, indicating that it uses \
the uncompressed form of the point, but the value of the first byte is {1} \
rather than the expected value of 04.
ERR_EC_PUBLIC_KEY_PARSE_UNEXPECTED_COMPRESSED_FIRST_BYTE=Unable to decode \
the X.509 certificate public key as an elliptic curve public key because \
the public key has a size of {0,number,0} bytes, indicating that it uses \
the compressed form of the point, but the value of the first byte is {1} \
rather than the expected value of 02 (to indicate that the y coordinate is \
even) or 0x03 (to indicate that the y coordinate is odd).
ERR_EC_PUBLIC_KEY_PARSE_UNEXPECTED_SIZE=Unable to decode the X.509 \
certificate public key as an elliptic curve public key because the public \
key has a size of {0,number,0} bytes, which does not match the expected \
size for a 256-bit or 384-bit compressed or uncompressed elliptic curve \
public key.
ERR_EC_PUBLIC_KEY_PARSE_ERROR=Unable to decode the X.509 certificate \
public key as an elliptic curve public key: {0}
ERR_EC_PUBLIC_KEY_ENCODE_X_TOO_LARGE=Unable to encode elliptic curve public \
key {0} because the x coordinate value requires {1,number,0} bytes to \
encode, which is larger than the maximum allowed size of 32 bytes.
ERR_EC_PUBLIC_KEY_ENCODE_Y_TOO_LARGE=Unable to encode elliptic curve public \
key {0} because the y coordinate value requires {1,number,0} bytes to \
encode, which is larger than the maximum allowed size of 32 bytes.
ERR_EC_PRIVATE_KEY_UNSUPPORTED_VERSION=Unable to decode the PKCS #8 private \
key as an elliptic curve private key because it has an unsupported version \
of {0,number,0}. Only version 1 is supported.
ERR_EC_PRIVATE_KEY_CANNOT_DECODE=Unable to decode the PKCS #8 private key \
as an elliptic curve private key: {0}
ERR_EC_PRIVATE_KEY_CANNOT_ENCODE=An error occurred while trying to encode \
elliptic curve private key {0}: {1}
ERR_MANAGE_CERTS_SECURITY_MANAGER_EXIT_NOT_ALLOWED=VM exit is not allowed.
INFO_MANAGE_CERTS_TOOL_DESC=Manage certificates and private keys in a JKS, \
PKCS #12, PKCS #11, or BCFKS key store.
INFO_MANAGE_CERTS_PLACEHOLDER_ALIAS='{'alias'}'
INFO_MANAGE_CERTS_PLACEHOLDER_BITS='{'bits'}'
INFO_MANAGE_CERTS_PLACEHOLDER_FORMAT='{'format'}'
INFO_MANAGE_CERTS_PLACEHOLDER_HOST='{'host'}'
INFO_MANAGE_CERTS_PLACEHOLDER_IP='{'ipAddress'}'
INFO_MANAGE_CERTS_PLACEHOLDER_NAME='{'name'}'
INFO_MANAGE_CERTS_PLACEHOLDER_OID='{'oid'}'
INFO_MANAGE_CERTS_PLACEHOLDER_PASSWORD='{'password'}'
INFO_MANAGE_CERTS_PLACEHOLDER_PORT='{'port'}'
INFO_MANAGE_CERTS_PLACEHOLDER_TYPE='{'type'}'
INFO_MANAGE_CERTS_PLACEHOLDER_TIMESTAMP='{'YYYYMMDDhhmmss'}'
INFO_MANAGE_CERTS_PLACEHOLDER_URI='{'uri'}'
INFO_MANAGE_CERTS_SC_LIST_CERTS_DESC=Displays a list of some or all of the \
certificates in a key store.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_DESC=The path to the key store file \
containing the certificates to list. Either this argument or the \
--useJVMDefaultTrustStore argument must be provided, and if this argument \
is given, then the specified file must exist.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_JVM_DEFAULT_DESC=List certificates from \
the JVM-default trust store ({0}).
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. A \
key store password is optional for some key store types, but may be \
required for others.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the key store. A \
key store password is optional for some key store types, but may be \
required for others. If a key store password file is supplied, then the \
file must exist, must contain only one line, and that line must consist \
only of the clear-text key store password.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. A key store password is optional for \
some key store types, but may be required for others.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_KS_TYPE_DESC=The key store type for the \
key store. This is usually not necessary when listing certificates, but it \
may be required in some cases (for example, when listing the certificates \
in a BCFKS key store when not operating in FIPS 140-2-compliant mode). The \
value must be one of ''JKS'' (for the Java Key Store format), ''PKCS12'' \
(for the standard PKCS #12 format), ''PKCS11'' (for PKCS #11 tokens), or \
''BCFKS'' (for the Bouncy Castle FIPS 140-2-compliant Key Store format). \
If this is not provided, then an attempt will be made to automatically \
infer the correct key store type.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_ALIAS_DESC=The alias (also called a \
nickname) of a certificate to include in the output. This argument may be \
provided multiple times to identify multiple certificates to include. If \
this argument is provided, then only the listed certificates will be \
displayed. If this argument is omitted, then all certificates will be \
listed.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_PEM_DESC=Include a PEM-encoded \
representation of each certificate in the output.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_VERBOSE_DESC=Display verbose information \
about each of the certificates. If this argument is not provided, then the \
listing will only include basic summary information for each certificate, \
including its subject and issuer DNs, validity start and end times, and \
fingerprints. If this argument is provided, then additional information, \
including the X.509 certificate version, serial number, signature algorithm \
and value, public key algorithm and content, and extensions, will also be \
included.
INFO_MANAGE_CERTS_SC_LIST_CERTS_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_1=Display basic information about \
all of the certificates in the ''{0}'' key store file.
INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_2=Display verbose information about \
the ''server-cert'' certificate in the ''{0}'' key store file, whose \
contents are protected by a password contained in the ''{1}'' file. It \
will also display a command that can be used to accomplish a similar result \
using the Java keytool utility, along with a PEM-encoded representation of \
the certificate.
INFO_MANAGE_CERTS_SC_LIST_CERTS_EXAMPLE_3=Display basic information about \
all of the certificates in the JVM''s default trust store file.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_DESC=Exports a certificate or certificate \
chain from a key store.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_DESC=The path to the key store file \
containing the certificates to export. This is required, and the key store \
file must exist.
INFO_MANAGE_CERTS_SC_EXPORT_CERTS_ARG_JVM_DEFAULT_DESC=Export certificates \
from the JVM-default trust store ({0}).
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. A \
key store password is optional for some key store types, but may be \
required for others.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the key store. A \
key store password is optional for some key store types, but may be \
required for others. If a key store password file is supplied, then the \
file must exist, must contain only one line, and that line must consist \
only of the clear-text key store password.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. A key store password is optional for \
some key store types, but may be required for others.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_KS_TYPE_DESC=The key store type for the \
key store. This is usually not necessary when exporting certificates, but \
it may be required in some cases (for example, when listing the \
certificates in a BCFKS key store when not operating in FIPS \
140-2-compliant mode). The value must be one of ''JKS'' (for the Java Key \
Store format), ''PKCS12'' (for the standard PKCS #12 format), ''PKCS11'' \
(for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy Castle FIPS \
140-2-compliant key store format). If this is not provided, then an \
attempt will be made to automatically infer the correct key store type.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_ALIAS_DESC=The alias (also called a \
nickname) of the certificate to export. This is required, and it may only \
be provided once.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_CHAIN_DESC=Indicates that the entire \
certificate chain (the target certificate and all of the certificates in \
its issuer chain) should be exported rather than just the specified target \
certificate.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FORMAT_DESC=The output format to use for \
the exported certificate. The value may be either ''PEM'' (to export the \
certificate in the text-based PEM format), or ''DER'' (to export the \
certificate in the binary DER format). If this is not provided, then the \
PEM output format will be used.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_FILE_DESC=The path to the output file \
to which the exported certificate should be written. An output file is \
optional when using the PEM format, but required when using the DER \
format. If no output file is provided, then the exported certificate will \
be written to standard output.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_SEPARATE_FILE_DESC=Indicates that if \
multiple certificates are to be exported, then each certificate should be \
written to a different file rather than concatenating all of them into the \
same file. This can only be used if both the --export-certificate-chain \
and --output-file arguments are also provided.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_1=Export the ''server-cert'' \
certificate in PEM format to standard output.
INFO_MANAGE_CERTS_SC_EXPORT_CERT_EXAMPLE_2=Export the ''server-cert'' \
certificate, and all of the certificates in its issuer chain, to the \
specified output file in the binary DER format. It will also display a \
command that can be used to accomplish a similar result using the \
Java keytool utility.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_DESC=Exports a private key from a key store.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_DESC=The path to the key store file \
containing the private key to export. This is required, and the key store \
file must exist.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. A \
key store password is required when exporting a private key, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the key store. A \
key store password is required when exporting a private key, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. If a key store \
password file is supplied, then the file must exist, must contain only one \
line, and that line must consist only of the clear-text key store password.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. A key store password is required when \
exporting a private key, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_DESC=The password (also called a \
passphrase or PIN) used to protect the private key. In many cases, the \
private key password will be the same as the password used to protect the \
key store itself, and in such instances, the private key password can be \
omitted and the key store password will be used. However, if a private key \
is protected with a different password than the key store itself, then one \
of the --private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments must be provided.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PK_PW_FILE_DESC=The path to a file \
containing the password used to protect the private key. In many cases, \
the private key password will be the same as the password used to protect \
the key store itself, and in such instances, the private key password can \
be omitted and the key store password will be used. However, if a private \
key is protected with a different password than the key store itself, then \
one of the --private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments must be provided. If a private \
key password file is supplied, then the file must exist, must contain only \
one line, and that line must consist only of the clear-text private key \
password.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_PK_PW_DESC=Interactively \
prompt for the private key password. In many cases, the private key \
password will be the same as the password used to protect the key store \
itself, and in such instances, the private key password can be omitted and \
the key store password will be used. However, if a private key is \
protected with a different password than the key store itself, then one of \
the --private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments must be provided.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_KS_TYPE_DESC=The key store type for the \
key store. This is usually not necessary when exporting private keys, but \
it may be required in some cases (for example, when listing the \
certificates in a BCFKS key store when not operating in FIPS \
140-2-compliant mode). The value must be one of ''JKS'' (for the Java Key \
Store format), ''PKCS12'' (for the standard PKCS #12 format), ''PKCS11'' \
(for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy Castle FIPS \
140-2-compliant Key Store format). If this is not provided, then an \
attempt will be made to automatically infer the correct key store type.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_ALIAS_DESC=The alias (also called a \
nickname) of the private key to export. This is required, and it may only \
be provided once.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FORMAT_DESC=The output format to use for \
the exported private key. The value may be either ''PEM'' (to export the \
private key in the text-based PEM format), or ''DER'' (to export the key in \
the binary DER format). If this is not provided, then the PEM output \
format will be used.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_FILE_DESC=The path to the output file to \
which the exported private key should be written. An output file is \
optional when using the PEM format, but required when using the DER \
format. If no output file is provided, then the exported private key will \
be written to standard output.
INFO_MANAGE_CERTS_SC_EXPIRT_KEY_ARG_ENC_PW_DESC=The password to use to encrypt \
the exported private key. At most one of the --encryption-password, \
--encryption-password-file, and --prompt-for-encryption-password arguments \
may be provided. If none of those arguments is provided, then the private \
key will not be encrypted.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_ENC_PW_FILE_DESC=The path to a file \
containing the password to use to encrypt the exported private key. If \
provided, the file must exist, must contain only one line, and that line \
must consist only of the clear-text encryption password. At most one of the \
--encryption-password, --encryption-password-file, and \
--prompt-for-encryption-password arguments may be provided. If none of \
those arguments is provided, then the private key will not be encrypted.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_ARG_PROMPT_FOR_ENC_PW=Interactively prompt for \
the password to use to encrypt the exported private key. At most one of the \
--encryption-password, --encryption-password-file, and \
--prompt-for-encryption-password arguments may be provided. If none of \
those arguments is provided, then the private key will not be encrypted.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_1=Export the private key for the \
''server-cert'' certificate to standard output in PEM format.
INFO_MANAGE_CERTS_SC_EXPORT_KEY_EXAMPLE_2=Export the private key for the \
''server-cert'' certificate to the specified output file in the binary DER \
format.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_DESC=Imports a certificate or certificate \
chain, and optionally a private key, into a key store.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_DESC=The path to the key store file \
into which the certificates and key should be imported. This is required, \
but if the file does not exist, then it will be created.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. If the \
key store does not exist, then it will be created with this password. A \
key store password is required when importing certificates, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_PW_FILE_DESC=The password (also \
called a passphrase or PIN) needed to access the contents of the \
key store. If the key store does not exist, then it will be created with \
this password. A key store password is required when importing \
certificates, so one of the --keystore-password, --keystore-password-file, \
or --prompt-for-keystore-password arguments must be provided. If a key \
store password file is supplied, then the file must exist, must contain \
only one line, and that line must consist only of the clear-text key store \
password. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. If the key store does not exist, then \
it will be created with this password. A key store password is required \
when importing certificates, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KS_TYPE_DESC=The key store type for the \
key store to create. This argument should only be provided when creating a \
new key store, and it will be ignored if the key store already exists. The \
value must be one of ''JKS'' (for the Java Key Store format), ''PKCS12'' \
(for the standard PKCS #12 format), ''PKCS11'' (for PKCS #11 tokens), or \
''BCFKS'' (for the Bouncy Castle FIPS 140-2-compliant Key Store format). \
If this is not provided, then a default key store type of ''JKS'' will be \
used for newly-created key stores.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ALIAS_DESC=The alias (also called a \
nickname) to use for the imported certificate. If multiple certificates \
are to be imported, then the behavior depends on whether a private key will \
also be imported. When importing a certificate chain along with a private \
key, then the alias must not already exist in the key store, and the \
private key and the entire certificate chain will be stored under this \
alias. When importing a certificate for which the corresponding private \
key already exists in the key store (for example, if you used the \
generate-certificate-request subcommand to create a certificate signing \
request and are now importing the signed certificate), then you should use \
the same alias that is used for the existing private key, and you should \
provide the complete certificate chain. When importing a certificate \
for which the corresponding private key does not already exist in the \
key store and for which the private key is not being provided by the \
--private-key-file argument, then the alias must not already exist in the \
key store, and any provided issuer certificates (which you should provide \
if they do not already exist in the key store and are not in the JVM''s \
default set of trusted issuer certificates) will be imported with aliases \
that are generated from the provided alias. If there is only one issuer \
certificate to be imported, then it will be stored with an alias that is \
the provided alias with ''-issuer'' appended onto it. If there are \
multiple issuer certificates to be imported, then their aliases will be the \
provided alias with ''-issuer-#'' appended onto it, where ''#'' will be \
''1'' for the first issuer certificate, ''2'' for the second, and so on. \
This is a required argument.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_CERT_FILE_DESC=The path to a file \
containing a certificate or certificate chain to import. The certificates \
in the file may be stored either in the text-based PEM or the binary DER \
format, but if the file contains multiple certificates, then they must all \
be in the same format. You may also provide this argument multiple times \
to specify multiple files containing certificates to import. However, if \
multiple certificates are provided, then they must all form a certificate \
chain in which each subsequent certificate is the issuer certificate for \
the previous certificate. When importing a non-self-signed certificate, \
you should ensure that its issuer certificate is also being imported, is \
already in the key store under a different alias, or is in the JVM''s \
default set of trusted certificates. At least one certificate file is \
required.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_KEY_FILE_DESC=The path to a file \
containing the private key for the end certificate in the chain to be \
imported. It may be stored in either the text-based PEM or the binary \
DER format. This is an optional argument, and at most one private key file \
may be specified, and that file may contain only a single private key.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_DESC=The password (also called a \
passphrase or PIN) to use to protect the private key. This is only needed \
when importing a private key along with a certificate chain, or when \
importing a certificate chain into an alias with an existing private key. \
In many cases, the private key password will be the same as the key store \
password and in such instances, the private key password can be omitted and \
the key store password will be used as the private key password. However, \
if you are importing a private key and wish to protect it with a password \
that does not match the key store password, or if you are importing a new \
certificate chain for an existing private key that uses a password that \
does not match the key store password, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be provided.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PK_PW_FILE_DESC=The path to a file \
containing the password to use to protect the private key. This is only \
needed when importing a private key along with a certificate chain, or when \
importing a certificate chain into an alias with an existing private key. \
In many cases, the private key password will be the same as the key store \
password and in such instances, the private key password can be omitted and \
the key store password will be used as the private key password. \
However, if you are importing a private key and wish to protect it with a \
password that does not match the key store password, or if you are importing \
a new certificate chain for an existing private key that uses a password \
that does not match the key store password, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be provided. If a \
private key password file is supplied, then the file must exist, must \
contain only one line, and that line must consist only of the clear-text \
private key password.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_PK_PW_DESC=Interactively \
prompt for the password to use to protect the private key. This is only \
needed when importing a private key along with a certificate chain, or when \
importing a certificate chain into an alias with an existing private key. \
In many cases, the private key password will be the same as the key store \
password and in such instances, the private key password can be omitted and \
the key store password will be used as the private key password. \
However, if you are importing a private key and wish to protect it with a \
password that does not match the key store password, or if you are \
importing a new certificate chain for an existing private key that uses a \
password that does not match the key store password, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be provided.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ENC_PW_DESC=The password used to encrypt \
the private key being imported. At most one of the --encryption-password, \
--encryption-password-file, and --prompt-for-encryption-password arguments \
may be provided. If none of those arguments is provided, then it will be \
assumed that the private key is not encrypted.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_ENC_PW_FILE_DESC=The path to a file \
containing the password used to encrypt the private key being imported. If \
provided, the file must exist, must contain only one line, and that line \
must consist only of the clear-text encryption password. At most one of the \
--encryption-password, --encryption-password-file, and \
--prompt-for-encryption-password arguments may be provided. If none of \
those arguments is provided, then it will be assumed that the private key is \
not encrypted.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_PROMPT_FOR_ENC_PW_DESC=Interactively \
prompt for the password used to encrypt the private key being imported. At \
most one of the --encryption-password, --encryption-password-file, and \
--prompt-for-encryption-password arguments may be provided. If none of \
those arguments is provided, then it will be assumed that the private key is \
not encrypted.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_NO_PROMPT_DESC=Import the certificates \
without prompting the end user. By default, the certificates will be \
displayed and the user will be interactively prompted about whether to \
import them.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_1=Import the certificates in the \
''{0}'' file into the specified key store using an alias of ''server-cert''.
INFO_MANAGE_CERTS_SC_IMPORT_CERT_EXAMPLE_2=Import a certificate chain, \
including a private key, from the set of provided files into the specified \
key store using an alias of ''server-cert''.
INFO_MANAGE_CERTS_SC_DELETE_CERT_DESC=Removes a certificate from a key store.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_DESC=The path to the key store file \
containing the certificate to remove. This is required, and the key store \
file must exist.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. A \
key store password is required when importing certificates, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the key store. A \
key store password is required when importing certificates, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. If a key store \
password file is supplied, then the file must exist, must contain only one \
line, and that line must consist only of the \
clear-text key store password.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. A key store password is required when \
importing certificates, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_KS_TYPE_DESC=The key store type for the \
key store. This is usually not necessary when deleting certificates, but \
it may be required in some cases (for example, when listing the \
certificates in a BCFKS key store when not operating in FIPS \
140-2-compliant mode). The value must be one of ''JKS'' (for the Java Key \
Store format), ''PKCS12'' (for the standard PKCS #12 format), ''PKCS11'' \
(for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy Castle FIPS \
140-2-compliant Key Store format). If this is not provided, then an \
attempt will be made to automatically infer the correct key store type.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_ALIAS_DESC=The alias (also called a \
nickname) of the certificate to delete. This is required, and it may only \
be provided once.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_NO_PROMPT_DESC=Delete the certificate \
without prompting the end user. By default, the target certificate will be \
displayed and the user will be interactively prompted about whether to \
delete it.
INFO_MANAGE_CERTS_SC_DELETE_CERT_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_DELETE_CERT_EXAMPLE_1=Remove the ''server-cert'' \
certificate from the ''{0}'' key store.
INFO_MANAGE_CERTS_SC_GEN_CERT_DESC=Generates a self-signed certificate in a \
key store.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_DESC=The path to the key store file \
in which the self-signed certificate will be created. This is required, \
but if the file does not exist, then it will be created.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. If the \
key store does not exist, then it will be created with this password. A \
key store password is required when generating certificates, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_PW_FILE_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. If the \
key store does not exist, then it will be created with this password. A \
key store password is required when generating certificates, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. If a key store \
password file is supplied, then the file must exist, must contain only one \
line, and that line must consist only of the clear-text key store password. \
The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. If the key store does not exist, then \
it will be created with this password. A key store password is required \
when generating certificates, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_DESC=The password (also called a \
passphrase or PIN) to use to protect the private key. Although in many \
cases, private keys will be protected with the same password as the key \
store itself, it is possible to use a different password for the private \
key. If an alternate private key password is needed, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PK_PW_FILE_DESC=The path to a file \
containing the password to use to protect the private key. Although in \
many cases, private keys will be protected with the same password as the \
key store itself, it is possible to use a different password for the \
private key. If an alternate private key password is needed, then one of \
the --private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password. If a \
private key password file is supplied, then the file must exist, must \
contain only one line, and that line must consist only of the clear-text \
private key password. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_PROMPT_FOR_PK_PW_DESC=Interactively prompt \
for the password to use to protect the private key. Although in many \
cases, private keys will be protected with the same password as the key \
store itself, it is possible to use a different password for the private \
key. If an alternate private key password is needed, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KS_TYPE_DESC=The key store type for the \
key store to create. This argument should only be provided when creating a \
new key store, and it will be ignored if the key store already exists. The \
value must be one of ''JKS'' (for the Java Key Store format), ''PKCS12'' \
(for the standard PKCS #12 format), ''PKCS11'' (for PKCS #11 tokens), or \
''BCFKS'' (for the Bouncy Castle FIPS 140-2-compliant Key Store format). \
If this is not provided, then a default key store type of ''JKS'' will be \
used for newly-created key stores.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_ALIAS_DESC=The alias (also called a \
nickname) to use for the newly-generated certificate. If the \
--use-existing-key-pair argument is provided, then this must be the alias \
of the private key for which to replace the certificate chain with the \
self-signed certificate. If the --use-existing-key-pair argument is not \
provided, then the alias must not already exist in the key store.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_USE_EXISTING_KP_DESC=Indicates that the new \
self-signed certificate should replace the certificate chain associated \
with an existing private key that is identified by the --alias argument, \
reusing the existing key pair. If this argument is not provided, then a \
new key pair will be generated.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SUBJECT_DN_DESC=The subject DN for the new \
certificate. This must be provided unless the \
--use-existing-key-pair argument is given. If the --use-existing-key-pair \
argument is provided, then the --subject-dn argument may be omitted if you \
want to reuse the same subject as the existing certificate. A subject DN \
typically includes at least a ''CN'' attribute (which in a server \
certificate should be the hostname that clients are expected to use when \
connecting to the server, and in other certificates indicates the purpose \
of that certificate), and may also include additional attributes like \
''OU'' (the associated department or organizational unit name), ''O'' (the \
company or organization name), ''L'' (the city or locality name), ''ST'' \
(the full name -- NOT the two-letter abbreviation -- of the state or \
province), ''C'' (the two-letter country code -- NOT the full country \
name). For example: ''CN=ldap.example.com,OU=Directory Services,O=Example \
Corporation,L=Austin,ST=Texas,C=US''.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DAYS_VALID_DESC=The number of days that \
the certificate should be considered valid. If this argument is not \
provided, then a default value of 365 days will be used.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_VALIDITY_START_TIME_DESC=The time that the \
certificate''s validity window should start (that is, the ''notBefore'' \
value). If this is not provided, then the current time will be used. If a \
value is given, it should be in the form ''YYYYMMDDhhmmss'' (for example, \
''{0}''). Timestamp values are assumed to be in the local time zone.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_ALGORITHM_DESC=The name of the key \
algorithm to use to generate the key pair. If present, the value will \
typically be ''RSA'' or ''EC'' (for elliptic curve). This argument must \
not be provided if the --use-existing-key-pair argument is used. If \
neither this argument nor the --use-existing-key-pair argument is provided, \
then a default key algorithm of ''RSA'' will be used.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KEY_SIZE_BITS_DESC=The size of the key to \
generate, in bits. This argument must not be provided if the \
--use-existing-key-pair argument is used. This argument must be provided \
if the --key-algorithm argument is used to specify an algorithm other than \
''RSA''. If neither this argument nor the --use-existing-key-pair argument \
is provided, then a default key size of 2048 bits will be used.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SIG_ALG_DESC=The name of the algorithm to \
use to sign the certificate. This argument must not be provided if the \
--use-existing-key-pair argument is used. This argument must be \
provided if the --key-algorithm argument is used to specify an algorithm \
other than ''RSA''. If neither this argument nor the \
--use-existing-key-pair argument is provided, then a default signature \
algorithm of ''SHA256withRSA'' will be used.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_INHERIT_EXT_DESC=This argument can only be \
used in conjunction with the --use-existing-key-pair argument, and it \
indicates that the new certificate should inherit all of the same extension \
values as the certificate being replaced (although extensions known to apply \
to the certificate''s issuer, like authority key identifier and issuer \
alternative name, may be excluded). If the --use-existing-key-pair argument \
is provided without the --inherit-extensions argument, then the new \
certificate will only have the extensions that are explicitly specified \
using other arguments.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_DNS_DESC=Indicates that the certificate \
should include a subject alternative name extension with the specified DNS \
hostname. This can be used to help clients trust a server certificate if \
they connect to the server using a different hostname than is included in \
the CN attribute of the certificate subject. This can be provided \
multiple times to specify multiple alternate hostnames, and hostnames can \
have an asterisk as their leftmost component (for example, \
''*.example.com'' or ''*.east.example.com'') to match any value in that \
component. Each value must contain only ASCII characters, so \
internationalized domain names must use the ASCII-Compatible Encoding (ACE) \
described in RFC 5890.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_IP_DESC=Indicates that the certificate \
should include a subject alternative name extension with the specified IP \
address. This can be used to help clients trust a server certificate if \
they connect to the server using an IP address rather than the hostname \
that is included in the CN attribute of the certificate subject. This can \
be provided multiple times to specify multiple IP addresses, and each value \
must be a valid IPv4 or IPv6 address. There is no support for wildcards, \
CIDR, other mechanisms for specifying a range of addresses.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_EMAIL_DESC=Indicates that the \
certificate should include a subject alternative name extension with the \
specified email address (technically, RFC 822 name) value. This can be \
provided multiple times to specify multiple email addresses. Each value \
must contain only ASCII characters, so internationalized email addresses \
must use the ASCII-Compatible Encoding (ACE) described in RFC 5890.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_URI_DESC=Indicates that the certificate \
should include a subject alternative name extension with the specified URI \
value. This can be provided multiple times to specify multiple URIs. Each \
value must contain only ASCII characters, so internationalized resource \
identifiers must be mapped to URIs as described in RFC 3987.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_SAN_OID_DESC=Indicates that the certificate \
should include a subject alternative name extension with the specified OID \
as a resource identifier. This can be provided multiple times to specify \
multiple OIDs, and each value must be the string representation of a valid \
object identifier.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_IS_CA_DESC=Indicates that the \
certificate should include a basic constraints extension that indicates \
whether the certificate should be considered a certification authority. If \
present, the value must be either ''true'' or ''false''.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_BC_PATH_LENGTH_DESC=Indicates that the \
certificate should include a basic constraints extension that specifies \
that there must not be more than the specified number of intermediate \
certificates between that issuer certificate and the subject certificate in \
a certificate chain. This argument can only be provided in conjunction \
with a --basic-constraints-is-ca value of ''true''.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_KU_DESC=Indicates that the certificate \
should include a key usage extension that indicates that the certificate \
can be used for a specified purpose. Allowed values for this argument are \
''digital-signature'', ''non-repudiation'', ''key-encipherment'', \
''data-encipherment'', ''key-agreement'', ''key-cert-sign'', ''crl-sign'', \
''encipher-only'', and ''decipher-only''. This argument can be provided \
multiple times to specify multiple key usage values.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EKU_DESC=Indicates that the certificate \
should include an extended key usage extension that indicates that the \
certificate can be used for a specified purpose. Allowed values for this \
argument are ''server-auth'', ''client-auth'', ''code-signing'', \
''email-protection'', ''time-stamping'', and ''ocsp-signing'', or the \
string representation of any valid object identifier. This argument can be \
provided multiple times to specify multiple extended key usage values.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_EXT_DESC=Indicates that the certificate \
should include an extension with the specified content. The value must be \
in the form oid:criticality:value, where oid is the OID that identifies \
the type of extension, criticality is a value of either ''true'' or \
''false'', and value is the hexadecimal representation of the extension \
value (for example, --ext 2.5.29.19:true:30030101ff).
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_OUTPUT_FILE_DESC=The output file to which \
the generated certificate should be written, if desired.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_FORMAT_DESC=The format in which the \
generated certificate should be written to the specified output file. The \
value may be either ''PEM'' (to export the certificate in the text-based \
PEM format), or ''DER'' (to export the certificate in the binary DER \
format). If this is not provided, then the PEM output format will be used.
INFO_MANAGE_CERTS_SC_GEN_CERT_ARG_DISPLAY_COMMAND_DESC=Display a command that \
can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_1=Generates a self-signed certificate \
with an alias of ''server-cert'' and subject DN of \
''CN=ldap.example.com,O=Example Corp,C=US''. The certificate will use a \
2048-bit RSA key, a signature algorithm of SHA256withRSA, and a validity of \
365 days, starting immediately.
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_2=Generates a self-signed certificate \
to replace the existing certificate with the ''server-cert'' alias. The \
new certificate will reuse the existing certificate''s key pair, will \
include the same subject, key and signature algorithms, and set of \
extensions as the existing certificate, and it will have a validity of 365 \
days, starting immediately.
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_3=Generates a self-signed server \
certificate with an alias of ''server-cert'', a subject DN of \
''CN=ldap.example.com,O=Example Corp,C=US'', a 4096-bit RSA key, \
a signature algorithm of SHA256withRSA, a subject alternate name \
extension with DNS names of ''ldap1.example.com'' and \
''ldap2.example.com'' and IP addresses of 1.2.3.4 and 1.2.3.5, and an \
extended key usage extension with the server-auth and client-auth usages. \
The certificate will have a validity of 3650 days, starting at midnight on \
January 1, 2017 in the local time zone.
INFO_MANAGE_CERTS_SC_GEN_CERT_EXAMPLE_4=Generates a self-signed certification \
authority certificate with an alias of ''ca-cert'', a subject DN of \
''CN=Example Certification Authority,O=Example Corp,C=US'', a 256-bit \
elliptic curve key, a signature algorithm of SHA256withECDSA, a basic \
constraints extension that indicates the certificate is a certification \
authority, and a key usage extension with the key-cert-sign and crl-sign \
values. The certificate will have a validity of 7300 days, starting at \
midnight on January 1, 2017 in the local time zone.
INFO_MANAGE_CERTS_SC_GEN_CSR_DESC=Generates a certificate signing request \
(CSR) for a private key in a key store, optionally generating the private \
key in the process. The certificate signing request may be either written \
to standard output or to a specified output file.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_FORMAT_DESC=The output format to use for the \
generated certificate signing request. The value may be either ''PEM'' \
(to export the request in the text-based PEM format), or ''DER'' (to export \
the request in the binary DER format). If this is not provided, then the \
PEM output format will be used.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_OUTPUT_FILE_DESC=The path to the output \
file to which the certificate signing request should be written. If this \
is not provided, then the certificate signing request will be written to \
standard output.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_DESC=The path to the key store file that \
contains the key (or in which the key will be generated) to use for the \
certificate signing request. This is required, but if the file does not \
exist, then it will be created.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. If the \
key store does not exist, then it will be created with this password. A \
key store password is required when generating certificate signing requests, \
so one of the --keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_PW_FILE_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. If the \
key store does not exist, then it will be created with this password. A \
key store password is required when generating certificate signing \
requests, so one of the --keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. If a key store \
password file is supplied, then the file must exist, must contain only one \
line, and that line must consist only of the clear-text key store \
password. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_KS_PW_DESC=Interactively prompt \
for the key store password. If the key store does not exist, then it will \
be created with this password. A key store password is required when \
generating certificate signing requests, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_DESC=The password (also called a \
passphrase or PIN) to use to protect the private key. Although in many \
cases, private keys will be protected with the same password as the key \
store itself, it is possible to use a different password for the private \
key. If an alternate private key password is needed, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PK_PW_FILE_DESC=The path to a file \
containing the password to use to protect the private key. Although in \
many cases, private keys will be protected with the same password as the \
key store itself, it is possible to use a different password for the \
private key. If an alternate private key password is needed, then one of \
the --private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password. If a \
private key password file is supplied, then the file must exist, must \
contain only one line, and that line must consist only of the clear-text \
private key password. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_PROMPT_FOR_PK_PW_DESC=Interactively prompt \
for the password to use to protect the private key. Although in many \
cases, private keys will be protected with the same password as the key \
store itself, it is possible to use a different password for the private \
key. If an alternate private key password is needed, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KS_TYPE_DESC=The key store type for the \
key store to create. This argument should only be provided when creating a \
new key store, and it will be ignored if the key store already exists. The \
value must be one of ''JKS'' (for the Java Key Store format), ''PKCS12'' \
(for the standard PKCS #12 format), ''PKCS11'' (for PKCS #11 tokens), or \
''BCFKS'' (for the Bouncy Castle FIPS 140-2-compliant Key Store format). \
If this is not provided, then a default key store type of ''JKS'' will be \
used for newly-created key stores.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_ALIAS_DESC=The alias (also called a \
nickname) of the private key to use to generate the certificate signing \
request. If the --use-existing-key-pair argument is provided, then this \
must be the alias of an existing private key. If the \
--use-existing-key-pair argument is not provided, then the alias must not \
already exist in the key store, and a corresponding key pair will be \
created in that alias.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_USE_EXISTING_KP_DESC=Indicates that the \
certificate signing request should use an existing key pair in the key \
store, identified by the specified alias. If this argument is not \
provided, then a new key pair will be generated for the certificate signing \
request and stored in the key store.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SUBJECT_DN_DESC=The subject DN for the \
certificate signing request. This must be provided unless then \
--use-existing-key-pair argument is given. If the --use-existing-key-pair \
argument is provided, then the --subject-dn argument may be omitted if you \
want to reuse the same subject as the existing certificate. A subject DN \
typically includes at least a ''CN'' attribute (which in a server \
certificate should be the hostname that clients are expected to use when \
connecting to the server, and in other certificates indicates the purpose \
of that certificate), and may also include additional attributes like \
''OU'' (the associated department name), ''O'' (the company or organization \
name), ''L'' (the city or locality name), ''ST'' (the full name -- NOT the \
two-letter abbreviation -- of the state or province), ''C'' (the two-letter \
country code -- NOT the full country name). For example: \
''CN=ldap.example.com,OU=Directory Services,O=Example \
Corporation,L=Austin,ST=Texas,C=US''.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_ALGORITHM_DESC=The name of the key \
algorithm to use to generate the key pair. If present, the value will \
typically be ''RSA'' or ''EC'' (for elliptic curve). This argument must \
not be provided if the --use-existing-key-pair argument is used. If \
neither this argument nor the --use-existing-key-pair argument is provided, \
then a default key algorithm of ''RSA'' will be used.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KEY_SIZE_BITS_DESC=The size of the key to \
generate, in bits. This argument must not be provided if the \
--use-existing-key-pair argument is used. This argument must be provided \
if the --key-algorithm argument is used to specify an algorithm \
other than ''RSA''. If neither this argument nor the \
--use-existing-key-pair argument is provided, then a default key size of \
2048 bits will be used.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SIG_ALG_DESC=The name of the algorithm to \
use to sign the certificate. This argument must not be provided if the \
--use-existing-key-pair argument is used. This argument must be provided \
if the --key-algorithm argument is used to specify an algorithm other than \
''RSA''. If neither this argument nor the --use-existing-key-pair argument \
is provided, then a default signature algorithm of ''SHA256withRSA'' will \
be used.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_INHERIT_EXT_DESC=This argument can only be \
used in conjunction with the --use-existing-key-pair argument, and it \
indicates that the requested certificate should inherit all of the same \
extension values as the existing certificate (although extensions known to \
apply to the certificate''s issuer, like authority key identifier and \
issuer alternative name, may be excluded). If the --use-existing-key-pair \
argument is provided without the --inherit-extensions argument, then the \
new certificate will only have the extensions that are explicitly specified \
using other arguments.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_DNS_DESC=Indicates that the certificate \
signing request should include a subject alternative name extension with \
the specified DNS hostname. This can be used to help clients trust a \
server certificate if they connect to the server using a different \
hostname than is included in the CN attribute of the certificate subject. \
This can be provided multiple times to specify multiple alternate \
hostnames, and hostnames can have an asterisk as their leftmost component \
(for example, ''*.example.com'' or ''*.east.example.com'') to match any \
value in that component. Each value must contain only ASCII characters, so \
internationalized domain names must use the ASCII-Compatible Encoding \
(ACE) described in RFC 5890.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_IP_DESC=Indicates that the certificate \
signing request should include a subject alternative name extension with \
the specified IP address. This can be used to help clients trust a server \
certificate if they connect to the server using an IP address rather than \
the hostname that is included in the CN attribute of the certificate \
subject. This can be provided multiple times to specify multiple IP \
addresses, and each value must be a valid IPv4 or IPv6 address. There is \
no support for wildcards, CIDR, other mechanisms for specifying a range of \
addresses.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_EMAIL_DESC=Indicates that the \
certificate signing request should include a subject alternative name \
extension with the specified email address (technically, RFC 822 name) \
value. This can be provided multiple times to specify multiple email \
addresses. Each value must contain only ASCII characters, so \
internationalized email addresses must use the ASCII-Compatible Encoding \
(ACE) described in RFC 5890.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_URI_DESC=Indicates that the certificate \
signing request should include a subject alternative name extension with \
the specified URI value. This can be provided multiple times to specify \
multiple URIs. Each value must contain only ASCII characters, so \
internationalized resource identifiers must be mapped to URIs as described \
in RFC 3987.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_SAN_OID_DESC=Indicates that the certificate \
signing request should include a subject alternative name extension with \
the specified OID as a resource identifier. This can be provided multiple \
times to specify multiple OIDs, and each value must be the string \
representation of a valid object identifier.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_BC_IS_CA_DESC=Indicates that the certificate \
signing request should include a basic constraints extension that indicates \
whether the certificate should be considered a certification authority. If \
present, the value must be either ''true'' or ''false''.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_BC_PATH_LENGTH_DESC=Indicates that the \
certificate signing request should include a basic constraints extension \
that specifies that there must not be more than the specified number of \
intermediate certificates between that certificate and the subject \
certificate in a certificate chain. This argument can only be provided in \
conjunction with a --basic-constraints-is-ca value of ''true''.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_KU_DESC=Indicates that the certificate \
signing request should include a key usage extension that indicates that \
the certificate can be used for a specified purpose. Allowed values for \
this argument are ''digital-signature'', ''non-repudiation'', \
''key-encipherment'', ''data-encipherment'', ''key-agreement'', \
''key-cert-sign'', ''crl-sign'', ''encipher-only'', and ''decipher-only''. \
This argument can be provided multiple times to specify multiple key usage \
values.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EKU_DESC=Indicates that the certificate \
signing request should include an extended key usage extension that \
indicates that the certificate can be used for a specified purpose. \
Allowed values for this argument are ''server-auth'', ''client-auth'', \
''code-signing'', ''email-protection'', ''time-stamping'', and \
''ocsp-signing'', or the string representation of any valid object \
identifier. This argument can be provided multiple times to specify \
multiple extended key usage values.
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_EXT_DESC=Indicates that the certificate \
signing request should include an extension with the specified content. \
The value must be in the form oid:criticality:value, where oid is the OID \
that identifies the type of extension, criticality is a value of either \
''true'' or ''false'', and value is the hexadecimal representation of the \
extension value (for example, --ext 2.5.29.19:true:30030101ff).
INFO_MANAGE_CERTS_SC_GEN_CSR_ARG_DISPLAY_COMMAND_DESC=Display a command that \
can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_1=Generates a certificate signing \
request for a certificate with a subject DN of \
''CN=ldap.example.com,O=Example Corp,C=US''. The request will generate a \
new key pair in the ''server-cert'' alias with a 2048-bit RSA key and a \
signature algorithm of SHA256withRSA. The generated certificate signing \
request will be sent to standard output.
INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_2=Generates a certificate signing \
request to replace the existing certificate with the ''server-cert'' \
alias. The new certificate will use the same key pair as the existing \
certificate, will include the same subject, key and signature algorithms, \
and set of extensions as the existing certificate, and the request will be \
written to the server-cert.csr output file.
INFO_MANAGE_CERTS_SC_GEN_CSR_EXAMPLE_3=Generates a certificate signing \
request for a certificate with a subject DN of \
''CN=ldap.example.com,O=Example Corp,C=US'', a subject alternate name \
extension with DNS names of ''ldap1.example.com'' and ''ldap2.example.com'' \
and IP addresses of 1.2.3.4 and 1.2.3.5, and an extended key usage \
extension with the server-auth and client-auth usages. The certificate \
will use a newly-generated key pair with a 256-bit elliptic curve key and a \
signature algorithm of SHA256withECDSA. The request will be written to the \
server-cert.csr output file.
INFO_MANAGE_CERTS_SC_SIGN_CSR_DESC=Signs a certificate signing request (CSR) \
provided in a specified input file using a certificate contained in a \
specified key store. The signed certificate may be written to either \
standard output or to a specified file.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INPUT_FILE_DESC=The path to the input file \
containing the certificate signing request to process. This must be \
provided, and the specified file must exist.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_OUTPUT_FILE_DESC=The path to the output \
file to which the signed certificate should be written. If this is not \
provided, then the certificate will be written to standard output.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_FORMAT_DESC=The output format to use for \
the signed certificate. The value may be either ''PEM'' (to write the \
certificate in the text-based PEM format), or ''DER'' (to write the \
certificate in the binary DER format). If this is not provided, then the \
PEM output format will be used. If an output format of ''DER'' is \
specified, then the --certificate-output-file argument must also be provided.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_DESC=The path to the key store file that \
contains the certificate that will be used to sign the requested \
certificate. This must be provided, and the specified file must exist.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store \
containing the signing certificate. A key store password is required when \
signing certificate requests, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_PW_FILE_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store \
containing the signing certificate. A key store password is required when \
signing certificate requests, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. If a key store password file is supplied, then the file must \
exist, must contain only one line, and that line must consist only of the \
clear-text key store password.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_KS_PW_DESC=Interactively prompt \
for the key store password. A key store password is required when signing \
certificate requests, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_DESC=The password (also called a \
passphrase or PIN) to use to protect the private key. Although in many \
cases, private keys will be protected with the same password as the key \
store itself, it is possible to use a different password for the private \
key. If an alternate private key password is needed, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PK_PW_FILE_DESC=The path to a file \
containing the password to use to protect the private key. Although in \
many cases, private keys will be protected with the same password as the \
key store itself, it is possible to use a different password for the \
private key. If an alternate private key password is needed, then one of \
the --private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password. If a \
private key password file is supplied, then the file must exist, must \
contain only one line, and that line must consist only of the clear-text \
private key password.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_PROMPT_FOR_PK_PW_DESC=Interactively prompt \
for the password to use to protect the private key. Although in many \
cases, private keys will be protected with the same password as the key \
store itself, it is possible to use a different password for the private \
key. If an alternate private key password is needed, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments should be used to provide that \
private key password. If none of these arguments is given, then the \
key store password will be used as the private key password.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KS_TYPE_DESC=The key store type for the \
key store. This is usually not necessary when signing certificates, but \
it may be required in some cases (for example, when listing the \
certificates in a BCFKS key store when not operating in FIPS \
140-2-compliant mode). The value must be one of ''JKS'' (for the Java Key \
Store format), ''PKCS12'' (for the standard PKCS #12 format), ''PKCS11'' \
(for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy Castle FIPS \
140-2-compliant Key Store format). If this is not provided, then an \
attempt will be made to automatically infer the correct key store type.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_ALIAS_DESC=The alias (also called a \
nickname) of the certificate to use to sign the request. This alias must \
exist in the key store, and it must reference a private key with a \
certificate chain.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SUBJECT_DN_DESC=The subject DN for the \
signed certificate. A subject DN typically includes at least a ''CN'' \
attribute (which in a server certificate should be the hostname that \
clients are expected to use when connecting to the server, and in other \
certificates indicates the purpose of that certificate), and may also \
include additional attributes like ''OU'' (the associated department or \
organizational unit name), ''O'' (the company or organization name), ''L'' \
(the city or locality name), ''ST'' (the full name -- NOT the two-letter \
abbreviation -- of the state or province), ''C'' (the two-letter country \
code -- NOT the full country name). For example: \
''CN=ldap.example.com,OU=Directory Services,O=Example \
Corporation,L=Austin,ST=Texas,C=US''. This argument is optional, and if it \
is not provided, then the subject DN from the certificate signing request \
will be used.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DAYS_VALID_DESC=The number of days that \
the signed certificate should be considered valid. If this argument is not \
provided, then a default value of 365 days will be used.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_VALIDITY_START_TIME_DESC=The time that the \
signed certificate''s validity window should start (that is, the \
''notBefore'' value). If this is not provided, then the current time will \
be used. If a value is given, it should be in the form ''YYYYMMDDhhmmss'' \
(for example, ''{0}''). Timestamp values are assumed to be in the local \
time zone.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SIG_ALG_DESC=The name of the algorithm to \
use to sign the certificate. If this is not provided, then the signature \
algorithm from the certificate signing request will be used.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_INCLUDE_EXT_DESC=Indicates that the \
signed certificate should include all of the extensions requested in the \
certificate signing request (although extensions known to apply to the \
certificate''s issuer, like authority key identifier and issuer alternative \
name, may be excluded), and the requested extensions will be included in \
addition to any other extensions requested via command-line arguments. If \
this is not provided, then only the extensions requested via command-line \
arguments will be included in the signed certificate.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_DNS_DESC=Indicates that the signed \
certificate should include a subject alternative name extension with \
the specified DNS hostname. This can be used to help clients trust a \
server certificate if they connect to the server using a different \
hostname than is included in the CN attribute of the certificate subject. \
This can be provided multiple times to specify multiple alternate \
hostnames, and hostnames can have an asterisk as their leftmost component \
(for example, ''*.example.com'' or ''*.east.example.com'') to match any \
value in that component. Each value must contain only ASCII characters, so \
internationalized domain names must use the ASCII-Compatible Encoding \
(ACE) described in RFC 5890.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_IP_DESC=Indicates that the signed \
certificate should include a subject alternative name extension with \
the specified IP address. This can be used to help clients trust a server \
certificate if they connect to the server using an IP address rather than \
the hostname that is included in the CN attribute of the certificate \
subject. This can be provided multiple times to specify multiple IP \
addresses, and each value must be a valid IPv4 or IPv6 address. There is \
no support for wildcards, CIDR, other mechanisms for specifying a range of \
addresses.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_EMAIL_DESC=Indicates that the signed \
certificate should include a subject alternative name extension with the \
specified email address (technically, RFC 822 name) value. This can be \
provided multiple times to specify multiple email addresses. Each value \
must contain only ASCII characters, so internationalized email addresses \
must use the ASCII-Compatible Encoding (ACE) described in RFC 5890.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_URI_DESC=Indicates that the signed \
certificate should include a subject alternative name extension with \
the specified URI value. This can be provided multiple times to specify \
multiple URIs. Each value must contain only ASCII characters, so \
internationalized resource identifiers must be mapped to URIs as described \
in RFC 3987.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_SAN_OID_DESC=Indicates that the signed \
certificate should include a subject alternative name extension with the \
specified OID as a resource identifier. This can be provided multiple \
times to specify multiple OIDs, and each value must be the string \
representation of a valid object identifier.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_DNS_DESC=Indicates that the signed \
certificate should include an issuer alternative name extension with \
the specified DNS hostname. This can be provided multiple times to specify \
multiple alternate hostnames, and hostnames can have an asterisk as their \
leftmost component (for example, ''*.example.com'' or \
''*.east.example.com'') to match any value in that component. Each value \
must contain only ASCII characters, so internationalized domain names must \
use the ASCII-Compatible Encoding (ACE) described in RFC 5890.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_IP_DESC=Indicates that the signed \
certificate should include an issuer alternative name extension with \
the specified IP address. This can be provided multiple times to specify \
multiple IP addresses, and each value must be a valid IPv4 or IPv6 \
address. There is no support for wildcards, CIDR, other mechanisms for \
specifying a range of addresses.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_EMAIL_DESC=Indicates that the signed \
certificate should include an issuer alternative name extension with the \
specified email address (technically, RFC 822 name) value. This can be \
provided multiple times to specify multiple email addresses. Each value \
must contain only ASCII characters, so internationalized email addresses \
must use the ASCII-Compatible Encoding (ACE) described in RFC 5890.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_URI_DESC=Indicates that the signed \
certificate should include an issuer alternative name extension with \
the specified URI value. This can be provided multiple times to specify \
multiple URIs. Each value must contain only ASCII characters, so \
internationalized resource identifiers must be mapped to URIs as described \
in RFC 3987.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_IAN_OID_DESC=Indicates that the signed \
certificate should include an issuer alternative name extension with the \
specified OID as a resource identifier. This can be provided multiple \
times to specify multiple OIDs, and each value must be the string \
representation of a valid object identifier.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_BC_IS_CA_DESC=Indicates that the signed \
certificate should include a basic constraints extension that indicates \
whether the certificate should be considered a certification authority. If \
present, the value must be either ''true'' or ''false''.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_BC_PATH_LENGTH_DESC=Indicates that the \
signed certificate should include a basic constraints extension that \
specifies that there must not be more than the specified number of \
intermediate certificates between that issuer certificate and the subject \
certificate in a certificate chain. This argument can only be provided in \
conjunction with a --basic-constraints-is-ca value of ''true''.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_KU_DESC=Indicates that the signed \
certificate should include a key usage extension that indicates that \
the certificate can be used for a specified purpose. Allowed values for \
this argument are ''digital-signature'', ''non-repudiation'', \
''key-encipherment'', ''data-encipherment'', ''key-agreement'', \
''key-cert-sign'', ''crl-sign'', ''encipher-only'', and ''decipher-only''. \
This argument can be provided multiple times to specify multiple key usage \
values.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EKU_DESC=Indicates that the signed \
certificate should include an extended key usage extension that \
indicates that the certificate can be used for a specified purpose. \
Allowed values for this argument are ''server-auth'', ''client-auth'', \
''code-signing'', ''email-protection'', ''time-stamping'', and \
''ocsp-signing'', or the string representation of any valid object \
identifier. This argument can be provided multiple times to specify \
multiple extended key usage values.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_EXT_DESC=Indicates that the signed \
certificate should include an extension with the specified content. \
The value must be in the form oid:criticality:value, where oid is the OID \
that identifies the type of extension, criticality is a value of either \
''true'' or ''false'', and value is the hexadecimal representation of the \
extension value (for example, --ext 2.5.29.19:true:30030101ff).
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_NO_PROMPT_DESC=Sign the request without \
prompting the end user. By default, the certificate signing request will \
be displayed and the user will be interactively prompted about whether to \
sign it.
INFO_MANAGE_CERTS_SC_SIGN_CSR_ARG_DISPLAY_COMMAND_DESC=Display a command that \
can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_1=Signs the certificate signing request \
contained in file ''server-cert.csr'' using the ''ca-cert'' certificate \
contained in the ''{0}'' key store. The subject DN, signature algorithm, \
and extensions from the provided certificate signing request will be used \
to generate the corresponding values in the signed certificate, and the \
certificate will be valid for 365 days, starting immediately. The signed \
certificate will be written to standard output in PEM format.
INFO_MANAGE_CERTS_SC_SIGN_CSR_EXAMPLE_2=Signs the certificate signing request \
contained in file ''server-cert.csr'' using the ''ca-cert'' certificate \
contained in the ''{0}'' key store. The subject DN, signature algorithm, \
and extensions from the provided certificate signing request will be used \
to generate the corresponding values in the signed certificate, and the \
certificate will also include an issuer alternative name extension with an \
email address of ''[email protected]''. The signed certificate will be valid \
for 730 days starting at midnight on January 1, 2017 in the local \
timezone. The signed certificate will be written to the file \
''server-cert.der'' file in the binary DER format.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_DESC=Changes the alias of a certificate in \
a key store.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_DESC=The path to the key store file \
containing the alias to rename. This is required, and the keystore \
file must exist.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. A \
key store password is required, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the key store. A \
key store password is required, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. If a key store password file is supplied, then the file must \
exist, must contain only one line, and that line must consist only of the \
clear-text key store password.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. A key store password is required so one \
of the --keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_DESC=The password (also called a \
passphrase or PIN) used to protect the private key. In many cases, the \
private key password will be the same as the password used to protect the \
key store itself, and in such instances, the private key password can be \
omitted and the key store password will be used. However, if the target \
alias includes a private key, and that private key is protected with a \
different password than the key store itself, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PK_PW_FILE_DESC=The path to a file \
containing the password used to protect the private key. In many cases, \
the private key password will be the same as the password used to protect \
the key store itself, and in such instances, the private key password can \
be omitted and the key store password will be used. However, if the target \
alias includes a private key, and that private key is protected with a \
different password than the key store itself, then one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments must be provided. If a private \
key password file is supplied, then the file must exist, must contain only \
one line, and that line must consist only of the clear-text private key \
password.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_PROMPT_FOR_PK_PW_DESC=Interactively \
prompt for the private key password. In many cases, the private key \
password will be the same as the password used to protect the key store \
itself, and in such instances, the private key password can be omitted and \
the key store password will be used. However, if the target alias includes \
a private key, and that private key is protected with a different password \
than the key store itself, then one of the --private-key-password, \
--private-key-password-file, or --prompt-for-private-key-password arguments \
must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_KS_TYPE_DESC=The key store type for the \
key store. This is usually not necessary when changing a certificate \
alias, but it may be required in some cases (for example, when listing the \
certificates in a BCFKS key store when not operating in FIPS \
140-2-compliant mode). The value must be one of ''JKS'' (for the Java Key \
Store format), ''PKCS12'' (for the standard PKCS #12 format), ''PKCS11'' \
(for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy Castle FIPS \
140-2-compliant Key Store format). If this is not provided, then an \
attempt will be made to automatically infer the correct key store type.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_CURRENT_ALIAS_DESC=The current alias \
for the key store entry to rename. This is required, and it may only be \
provided once.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_NEW_ALIAS_DESC=The new alias to assign \
to the target entry in the key store. This is required, and it may only be \
provided once.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_CHANGE_ALIAS_EXAMPLE_1=Changes the alias of the existing \
''server-cert'' certificate to be ''server-certificate''.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_DESC=Changes the password used to protect \
the contents of a key store.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_KS_DESC=The path to the key store file \
for which to change the password. This is required, and the key store \
file must exist.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_DESC=The current password \
for the key store. The current password is required, so one of the \
--current-keystore-password, --current-keystore-password-file, or \
--prompt-for-current-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_CURRENT_PW_FILE_DESC=The path to a \
file containing the current password for the key store. The current \
password is required, so one of the --current-keystore-password, \
--current-keystore-password-file, or --prompt-for-current-keystore-password \
arguments must be provided. If a key store password file is supplied, then \
the file must exist, must contain only one line, and that line must consist \
only of the clear-text key store password.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC=Interactively \
prompt for the current key store password. The current password \
is required, so one of the --current-keystore-password, \
--current-keystore-password-file, or --prompt-for-current-keystore-password \
arguments must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_DESC=The new password for the \
key store. The new password is required, so one of the \
--new-keystore-password, --new-keystore-password-file, or \
--prompt-for-new-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_NEW_PW_FILE_DESC=The path to a file \
containing the new password for the key store. The new password is \
required, so one of the --new-keystore-password, \
--new-keystore-password-file, or --prompt-for-new-keystore-password \
arguments must be provided. If a key store password file is supplied, then \
the file must exist, must contain only one line, and that line must consist \
only of the clear-text key store password.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_PROMPT_FOR_NEW_PW_DESC=Interactively \
prompt for the new key store password. The new password is required, so \
one of the --new-keystore-password, --new-keystore-password-file, or \
--prompt-for-new-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_CHANGE_KS_PW_EXAMPLE_1=Changes the password for the \
''{0}'' key store from the current password contained in file ''{1}'' to \
the new password contained in file ''{2}''.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_DESC=Changes the password used to protect \
a specified private key.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_DESC=The path to the key store file \
containing the private key entry for which to change the password. This is \
required, and the key store file must exist.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. A \
key store password is required, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the key store. A \
key store password is required, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. If a key store password file is supplied, then the file must \
exist, must contain only one line, and that line must consist only of the \
clear-text key store password.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. A key store password is required so one \
of the --keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_KS_TYPE_DESC=The key store type for the \
key store. This is usually not necessary when changing private key \
passwords, but it may be required in some cases (for example, when listing \
the certificates in a BCFKS key store when not operating in FIPS \
140-2-compliant mode). The value must be one of ''JKS'' (for the Java Key \
Store format), ''PKCS12'' (for the standard PKCS #12 format), ''PKCS11'' \
(for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy Castle FIPS \
140-2-compliant Key Store format). If this is not provided, then an \
attempt will be made to automatically infer the correct key store type.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_ALIAS_DESC=The alias (also called a \
nickname) of the private key entry for which to change the password. This \
is required.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_DESC=The current password \
used to encrypt the private key. The current private key password is \
required, so one of the --current-private-key-password, \
--current-private-key-password-file, and \
--prompt-for-current-private-key-password arguments is required.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_CURRENT_PW_FILE_DESC=The path to a file \
containing the current password used to encrypt the private key. The \
current private key password is required, so one of the \
--current-private-key-password, --current-private-key-password-file, and \
--prompt-for-current-private-key-password arguments is required. If a \
private key password file is supplied, then the file must exist, must \
contain only one line, and that line must consist only of the clear-text \
private key password.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_CURRENT_PW_DESC=Interactively \
prompt for the current private key password. The current private key \
password is required, so one of the --current-private-key-password, \
--current-private-key-password-file, and \
--prompt-for-current-private-key-password arguments is required.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_DESC=The new password to use to \
encrypt the private key. The new private key password is required, so one \
of the --new-private-key-password, --new-private-key-password-file, and \
--prompt-for-new-private-key-password arguments is required.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_NEW_PW_FILE_DESC=The path to a file \
containing the new password to use to encrypt the private key. The new \
private key password is required, so one of the --new-private-key-password, \
--new-private-key-password-file, and --prompt-for-new-private-key-password \
arguments is required. If a private key password file is supplied, then \
the file must exist, must contain only one line, and that line must consist \
only of the clear-text private key password.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_PROMPT_FOR_NEW_PW_DESC=Interactively \
prompt for the new private key password. The new private key password is \
required, so one of the --new-private-key-password, \
--new-private-key-password-file, and \
--prompt-for-new-private-key-password arguments is required.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_CHANGE_PK_PW_EXAMPLE_1=Changes the password for the \
''server-cert'' private key entry in the ''{0}'' key store from the current \
password contained in file ''{1}'' to the new password contained in file \
''{2}''.
INFO_MANAGE_CERTS_SC_COPY_KS_DESC=Copies the contents of one key store to \
another. If the destination key store does not exist, then a new one will \
be created (allowing you to convert one type of key store to another). If \
the destination key store does exist, then there must not be any conflicts \
between the aliases of the source and destination key stores.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_DESC=The path to the source key store \
whose contents should be copied. This must be provided, and the file must \
exist.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_DESC=The password needed to access \
the contents of the source key store. Exactly one of the \
--source-keystore-password, --source-keystore-password-file, and \
--prompt-for-source-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the source \
key store. Exactly one of the --source-keystore-password, \
--source-keystore-password-file, and --prompt-for-source-keystore-password \
arguments must be provided.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_KS_PW=Interactively prompt \
for the password needed to access the contents of the source key store. \
Exactly one of the --source-keystore-password, \
--source-keystore-password-file, and --prompt-for-source-keystore-password \
arguments must be provided.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_DESC=The password needed to access \
private keys in the source key store. At most one of the \
--source-keystore-password, --source-keystore-password-file, and \
--prompt-for-source-keystore-password arguments must be provided, and if \
none of them is provided, then the source key store password will be used \
as the source private key password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_PK_PW_FILE_DESC=The path to a file \
containing the password needed to access the private keys in the source key \
store. At most one of the --source-keystore-password, \
--source-keystore-password-file, and --prompt-for-source-keystore-password \
arguments must be provided, and if none of them is provided, then the \
source key store password will be used as the source private key password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_SRC_PK_PW=Interactively prompt \
for the password needed to access private keys in the source key store. At \
most one of the --source-keystore-password, \
--source-keystore-password-file, and --prompt-for-source-keystore-password \
arguments must be provided, and if none of them is provided, then the \
source key store password will be used as the source private key password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_SRC_KS_TYPE=The key store type for the \
source key store. If provided, the value must be one of ''JKS'' (for the \
Java Key Store format), ''PKCS12'' (for the standard PKCS #12 key store \
format), ''PKCS11'' (for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy \
Castle FIPS 140-2-compliant Key Store format). If this is not provided, \
then an attempt will be made to automatically infer the correct key store \
type.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_DESC=The path to the destination key \
store to which the source key store contents should be copied. This must \
be provided, but if the file does not exist, then a new key store will be \
created.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_DESC=The password needed to access \
the contents of the destination key store. At most one of the \
--destination-keystore-password, --destination-keystore-password-file, and \
--prompt-for-destination-keystore-password arguments may be provided, and \
if none of them is given, then the source key store password will be used \
as the destination key store password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the destination \
key store. At most one of the --destination-keystore-password, \
--destination-keystore-password-file, and \
--prompt-for-destination-keystore-password arguments may be provided, and \
if none of them is given, then the source key store password will be used \
as the destination key store password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_KS_PW=Interactively prompt \
for the password needed to access the contents of the destination key \
store. At most one of the --destination-keystore-password, \
--destination-keystore-password-file, and \
--prompt-for-destination-keystore-password arguments may be provided, and \
if none of them is given, then the source key store password will be used \
as the destination key store password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_DESC=The password needed to access \
private keys in the destination key store. At most one of the \
--destination-keystore-password, --destination-keystore-password-file, and \
--prompt-for-destination-keystore-password arguments must be provided, and \
if none of them is provided, then the destination key store password will \
be used as the destination private key password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_PK_PW_FILE_DESC=The path to a file \
containing the password needed to access the private keys in the \
destination key store. At most one of the --destination-keystore-password, \
--destination-keystore-password-file, and \
--prompt-for-destination-keystore-password arguments must be provided, and \
if none of them is provided, then the destination key store password will \
be used as the destination private key password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_PROMPT_FOR_DST_PK_PW=Interactively prompt \
for the password needed to access private keys in the destination key \
store. At most one of the --destination-keystore-password, \
--destination-keystore-password-file, and \
--prompt-for-destination-keystore-password arguments must be provided, and \
if none of them is provided, then the destination key store password will \
be used as the destination private key password.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_DST_KS_TYPE=The key store type for the \
destination key store. If provided, the value must be one of ''JKS'' (for \
the Java Key Store format), ''PKCS12'' (for the standard PKCS #12 key store \
format), ''PKCS11'' (for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy \
Castle FIPS 140-2-compliant Key Store format). If this is not provided, \
then an attempt will be made to automatically infer the correct key store \
type if the destination key store exists, or a default type of ''JKS'' will \
be used if the file does not exist.
INFO_MANAGE_CERTS_SC_COPY_KS_ARG_ALIAS=The alias for a certificate to copy \
from the source key store to the destination key store. This may be \
provided multiple times if multiple specific certificates should be \
copied. If this is not provided, then all certificates in the source key \
store will be copied to the destination key store.
INFO_MANAGE_CERTS_SC_COPY_KS_EXAMPLE_1=Copies the contents of the ''{0}'' \
JKS key store to the ''{1}'' PKCS #12 key store.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_DESC=Initiates a secure connection to a \
server to get that server''s certificate chain, and then displays that \
certificate and optionally writes it to a file.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_HOSTNAME_DESC=The hostname or IP \
address of the server to which the connection should be established. This \
must be provided.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_PORT_DESC=The TCP port number of the \
server to which the connection should be established. Unless the \
--use-ldap-start-tls argument is provided, the port number must be one on \
which the server expects to accept TLS-based connections. If the \
--use-ldap-start-tls argument is provided, then the specified port must be \
one on which an LDAP server is listening for non-secure connections but \
on which clients may use the StartTLS extended operation to transition to \
using secure communication. Standard secure port numbers include 636 for \
LDAPS and 443 for HTTPS, and the standard non-secure port for LDAP is 389. \
This must be provided.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_USE_START_TLS_DESC=Indicates that the \
tool should initially establish a non-secure connection to an LDAP server, \
and then use the StartTLS extended operation to transition to using secure \
communication.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FILE_DESC=The path to the output file \
to which the retrieved certificates should be written. If this argument is \
provided, then a PEM or DER representation of all certificates in the chain \
will be written to the specified file. If this argument is not provided, \
then information about the certificate will only be written to standard \
output.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_FORMAT_DESC=The format in which the \
certificates should be written to the specified output file. The value \
may be either ''PEM'' (to use the text-based PEM format), or ''DER'' (to \
use the binary DER format). This argument may only be provided if the \
--output-file argument is also given. If this is not provided, then the \
PEM output format will be used.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ONLY_PEER_DESC=Only provide \
information about the peer certificate. If this argument is not provided, \
then the tool will provide information about all certificates in the \
presented chain.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_ENABLE_SSL_DEBUGGING_DESC=Enable \
Java''s low-level support for debugging SSL/TLS communication. This is \
equivalent to setting the ''javax.net.debug'' property to ''all''.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_ARG_VERBOSE_DESC=Display verbose \
information about the certificates that are retrieved. This will only \
affect what is written to standard output and will not alter what may be \
written to the output file (if one was requested).
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_1=Establish a secure connection \
to ds.example.com on port 636 and display basic information about the \
server''s certificate chain.
INFO_MANAGE_CERTS_SC_RETRIEVE_CERT_EXAMPLE_2=Establish an initially insecure \
connection to ds.example.com on port 389 and then invoke an LDAP StartTLS \
extended operation to establish a secure communication channel. Display \
verbose information about the peer certificate (ignoring any issuer \
certificates), and write a PEM representation of that certificate to the \
''ds-cert.pem'' file.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_DESC=Initiates a secure connection to a \
server to get that server''s certificate chain, and then adds those \
certificates to a key store so that it can be used as a trust store for that \
server.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_HOSTNAME_DESC=The hostname or IP \
address of the server to which the connection should be established. This \
must be provided.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PORT_DESC=The TCP port number of the \
server to which the connection should be established. Unless the \
--use-ldap-start-tls argument is provided, the port number must be one on \
which the server expects to accept TLS-based connections. If the \
--use-ldap-start-tls argument is provided, then the specified port must be \
one on which an LDAP server is listening for non-secure connections but \
on which clients may use the StartTLS extended operation to transition to \
using secure communication. Standard secure port numbers include 636 for \
LDAPS and 443 for HTTPS, and the standard non-secure port for LDAP is 389. \
This must be provided.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_USE_START_TLS_DESC=Indicates that the \
tool should initially establish a non-secure connection to an LDAP server, \
and then use the StartTLS extended operation to transition to using secure \
communication.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_DESC=The path to the key store file \
to which the certificates should be added. This is required, but if the \
file does not exist, then it will be created.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_DESC=The password (also called a \
passphrase or PIN) needed to access the contents of the key store. If the \
key store does not exist, then it will be created with this password. A \
key store password is required when importing certificates, so one of the \
--keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. The password \
must contain at least six characters.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_PW_FILE_DESC=The password (also \
called a passphrase or PIN) needed to access the contents of the key \
store. If the key store does not exist, then it will be created with this \
password. A key store password is required when importing certificates, so \
one of the --keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided. If a key store \
password file is supplied, then the file must exist, must contain only one \
line, and that line must consist only of the clear-text key store \
password. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. If the key store does not exist, then \
it will be created with this password. A key store password is required \
when importing certificates, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. The password must contain at least six characters.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_KS_TYPE_DESC=The key store type for the \
key store to create. This argument should only be provided when creating a \
new key store, and it will be ignored if the key store already exists. The \
value must be one of ''JKS'' (for the Java Key Store format), ''PKCS12'' \
(for the standard PKCS #12 format), ''PKCS11'' (for PKCS #11 tokens), or \
''BCFKS'' (for the Bouncy Castle FIPS 140-2-compliant Key Store format). \
If this is not provided, then a default key store type of ''JKS'' will be \
used for newly-created key stores.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ALIAS_DESC=The alias (also called a \
nickname) to use for the first certificate to add to the key store. This \
alias must not already be in use in the key store. If multiple \
certificates are to be imported, then the first certificate imported will \
use this alias, and subsequent certificates will have either ''-issuer'' \
(if there is only one issuer certificate) or ''-issuer-#'' (if there are \
multiple issuers, where # will be replaced with an incrementing number for \
each subsequent issuer). If this is omitted, then a default alias will be \
constructed from the hostname and port number.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ISSUERS_ONLY_DESC=Indicates that the \
tool should only update the key store to include the issuer certificates \
for the target server, but omit the server certificate at the head of the \
chain. This may be useful in environments in which all servers are signed \
by a common issuer and it is sufficient to trust just the issuer \
certificates. This argument will not have any effect for self-signed \
certificates in which a certificate is its own issuer.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_NO_PROMPT_DESC=Trust the server \
certificates without prompting the end user. By default, the server \
certificate chain will be displayed and the user will be interactively \
prompted about whether to trust the certificate.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_ENABLE_SSL_DEBUGGING_DESC=Enable \
Java''s low-level support for debugging SSL/TLS communication. This is \
equivalent to setting the ''javax.net.debug'' property to ''all''.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_ARG_VERBOSE_DESC=Display verbose \
information about the certificates in the server''s certificate chain.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_1=Establishes a secure connection \
to the server ds.example.com on port 636 and adds that server''s \
certificate chain to the ''{0}'' key store with a base alias of \
''ds.example.com:636''. The tool will display verbose information about \
the certificate chain presented by the server, and will interactively \
prompt about whether to trust that chain.
INFO_MANAGE_CERTS_SC_TRUST_SERVER_EXAMPLE_2=Establishes a non-secure \
connection to ds.example.com on port 389, and then uses the LDAP StartTLS \
extended operation to transition to a secure connection. It will then add \
the server''s issuer certificates to the ''{0}'' key store with a base \
alias of ''ds-start-tls-cert''. The tool will trust the certificate chain \
without any confirmation from the user.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_DESC=Examines a key store to determine \
how suitable a specified certificate is for use as a server certificate.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_DESC=The path to the key store \
file containing the certificate to check. This is required, and the \
key store file must exist.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_DESC=The password (also called \
a passphrase or PIN) needed to access the contents of the key store. A \
key store password is required, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_PW_FILE_DESC=The path to a file \
containing the password needed to access the contents of the key store. A \
key store password is required, so one of the --keystore-password, \
--keystore-password-file, or --prompt-for-keystore-password arguments must \
be provided. If a key store password file is supplied, then the file must \
exist, must contain only one line, and that line must consist only of the \
clear-text key store password.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_PROMPT_FOR_KS_PW_DESC=Interactively \
prompt for the key store password. A key store password is required, so \
one of the --keystore-password, --keystore-password-file, or \
--prompt-for-keystore-password arguments must be provided.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_KS_TYPE_DESC=The key store type for \
the key store. This is usually not necessary when checking certificate \
usability, but it may be required in some cases (for example, when listing \
the certificates in a BCFKS key store when not operating in FIPS \
140-2-compliant mode). The value must be one of ''JKS'' (for the Java Key \
Store format), ''PKCS12'' (for the standard PKCS #12 format), ''PKCS11'' \
(for PKCS #11 tokens), or ''BCFKS'' (for the Bouncy Castle FIPS \
140-2-compliant Key Store format). If this is not provided, then an \
attempt will be made to automatically infer the correct key store type.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_ARG_ALIAS_DESC=The alias (also called a \
nickname) of the certificate to examine. This is required, and it may only \
be provided once.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_IGNORE_SHA1_WARNING_DESC=Do not fail the \
validation check merely because an issuer certificate contains a signature \
based on the SHA-1 digest algorithm. The SHA-1 algorithm is considered \
weak, and some clients may reject a certificate chain that includes a \
certificate with a SHA-1-based signature, but because some commercial \
authorities still use SHA-1-based root certificates, this argument makes it \
possible to ignore this warning for issuer certificates.
INFO_MANAGE_CERTS_SC_CHECK_USABILITY_EXAMPLE_1=Check the ''server-cert'' \
certificate in the ''{0}'' key store to determine how suitable it is for \
use as a server certificate.
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_DESC=Displays information about all of the \
certificates contained in a file. The certificates may be formatted in \
either the text-based PEM or the binary DER format, and if the file \
multiple certificates, then all certificates must use the same format.
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_FILE_DESC=The path to a file \
containing the certificates to be printed. The certificates may be \
formatted in either the text-based PEM format or the binary DER format. \
If the certificates are in PEM format, then each certificate must include \
the begin header and end footer, and blank lines and lines that start with \
the octothorpe character (#) will be ignored. If the certificates are in \
DER format, then there must not be any delimiter between the certificates.
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_VERBOSE_DESC=Display verbose \
information about each of the certificates. If this argument is not \
provided, then the listing will only include basic summary information for \
each certificate, including its subject and issuer DNs, validity start and \
end times, and fingerprints. If this argument is provided, then additional \
information, including the X.509 certificate version, serial number, \
signature algorithm and value, public key algorithm and content, and \
extensions, will also be included.
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_1=Display basic information about \
each of the certificates in file ''{0}''.
INFO_MANAGE_CERTS_SC_DISPLAY_CERT_EXAMPLE_2=Display verbose information about \
each of the certificates in file ''{0}''. It will also display a command \
that can be used to accomplish a similar result using the Java keytool \
utility.
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_DESC=Displays information about a \
certificate signing request (CSR) contained in a file. The CSR may be \
formatted in either the text-based PEM or the binary DER format.
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_FILE_DESC=The path to a file \
containing the certificate signing request (CSR) to be printed. The CSR \
may be formatted in either the text-based PEM format or the binary DER \
format. If the request is in PEM format, it must include the begin header \
and end footer, and blank lines and lines that start with the \
octothorpe character (#) will be ignored. The file must contain only a \
single certificate signing request.
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_VERBOSE_DESC=Display verbose information \
about the certificate signing request. If this argument is not provided, \
then the listing will only include basic summary information for the \
request, including its subject DN, signature algorithm, and public key \
algorithm. If this argument is provided, then additional information about \
the signature, public key, and extensions will be included.
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_ARG_DISPLAY_COMMAND_DESC=Display a command \
that can be invoked to achieve a similar result with the Java keytool \
utility. Note that this may just be an approximation, since the \
manage-certificates and keytool utilities do not provide exactly the same \
sets of functionality.
INFO_MANAGE_CERTS_SC_DISPLAY_CSR_EXAMPLE_1=Display information about the \
certificate signing request in file ''{0}'', as well as a command that can \
be used to accomplish a similar result using the Java keytool utility.
ERR_MANAGE_CERTS_NO_SUBCOMMAND=ERROR: No subcommand was selected.
ERR_MANAGE_CERTS_UNKNOWN_SUBCOMMAND=ERROR: Unrecognized subcommand ''{0}''.
ERR_MANAGE_CERTS_LIST_CERTS_CANNOT_GET_ALIASES=ERROR: Unable to obtain a \
list of the aliases in key store ''{0}'':
INFO_MANAGE_CERTS_LIST_KEYSTORE_TYPE=Keystore Type: {0}
ERR_MANAGE_CERTS_LIST_CERTS_ERROR_GETTING_CERT=ERROR: An error occurred \
while attempting to retrieve the certificate with alias ''{0}'' from the \
key store: {1}
INFO_MANAGE_CERTS_LIST_CERTS_LABEL_ALIAS_WITHOUT_CHAIN=Alias: {0}
INFO_MANAGE_CERTS_LIST_CERTS_LABEL_ALIAS_WITH_CHAIN=Alias: {0} (Certificate \
{1,number,0} of {2,number,0} in a chain)
ERR_MANAGE_CERTS_LIST_CERTS_VERIFY_SIGNATURE_NO_ISSUER=WARNING: Unable to \
verify the signature for this certificate because issuer certificate \
''{0}'' could not be located in either the specified key store or the \
default set of JVM trusted issuers.
INFO_MANAGE_CERTS_LIST_CERTS_SIGNATURE_VALID=The certificate has a valid \
signature.
INFO_MANAGE_CERTS_LIST_CERTS_LABEL_HAS_PK_YES=Private Key Available: Yes
INFO_MANAGE_CERTS_LIST_CERTS_LABEL_HAS_PK_NO=Private Key Available: No
INFO_MANAGE_CERTS_LIST_CERTS_LABEL_PEM=PEM-Encoded Certificate:
WARN_MANAGE_CERTS_LIST_CERTS_ALIAS_NOT_IN_KS=WARNING: Alias ''{0}'' was \
requested for inclusion in the list of certificates, but there is no \
certificate with that alias in key store ''{1}''.
INFO_MANAGE_CERTS_LIST_CERTS_NO_CERTS_OR_KEYS_WITHOUT_PW=No certificates or \
keys were found in the key store. This may be because the key store is \
empty, or it may be that the key store requires a password in order to \
access its contents. If you believe the key store may be non-empty, then \
try again with one of the --keystore-password, --keystore-password-file, \
or --prompt-for-keystore-password arguments supply a key store password.
INFO_MANAGE_CERTS_LIST_CERTS_NO_CERTS_OR_KEYS_WITH_PW=No certificates or \
keys were found in the key store.
ERR_MANAGE_CERTS_EXPORT_CERT_NO_FILE_WITH_DER=ERROR: An output file must be \
specified when exporting certificates in the binary DER format.
ERR_MANAGE_CERTS_EXPORT_CERT_NO_CERT_WITH_ALIAS=ERROR: There is no \
certificate with alias ''{0}'' in key store ''{1}''.
ERR_MANAGE_CERTS_EXPORT_CERT_ERROR_GETTING_CERT=ERROR: An error occurred \
while trying to obtain the certificate with alias ''{0}'' from key store \
''{1}'':
ERR_MANAGE_CERTS_EXPORT_CERT_ERROR_OPENING_OUTPUT=ERROR: An error occurred \
while opening output file ''{0}'' for writing:
ERR_MANAGE_CERTS_EXPORT_CERT_ERROR_WRITING_CERT=ERROR: An error occurred \
while attempting to export the certificate with alias ''{0}'' and subject \
''{1}'':
WARN_MANAGE_CERTS_EXPORT_CERT_MISSING_CERT_IN_CHAIN=WARNING: Unable to \
locate issuer certificate with subject DN ''{0}'' in either key store \
''{1}'' or in the JVM''s default set of trusted certificates. The \
certificate chain is incomplete.
INFO_MANAGE_CERTS_EXPORT_CERT_EXPORT_SUCCESSFUL=Successfully exported the \
following certificate to ''{0}'':
ERR_MANAGE_CERTS_EXPORT_KEY_NO_FILE_WITH_DER=ERROR: An output file must be \
specified when exporting a private key in the binary DER format.
ERR_MANAGE_CERTS_EXPORT_KEY_NO_KEY_WITH_ALIAS=ERROR: There is no private key \
with alias ''{0}'' in key store ''{1}''.
ERR_MANAGE_CERTS_EXPORT_KEY_WRONG_KEY_PW=ERROR: Unable to retrieve the \
private key with alias ''{0}'' from key store ''{1}'' because the wrong \
password was used to try to access the key. Please use one of the \
--private-key-password, --private-key-password-file, or \
--prompt-for-private-key-password arguments to supply the correct password \
for the private key.
ERR_MANAGE_CERTS_EXPORT_KEY_ERROR_GETTING_KEY=ERROR: An error occurred \
while trying to obtain the private key with alias ''{0}'' from key store \
''{1}'':
ERR_MANAGE_CERTS_EXPORT_KEY_ERROR_OPENING_OUTPUT=ERROR: An error occurred \
while opening output file ''{0}'' for writing:
ERR_MANAGE_CERTS_EXPORT_KEY_ERROR_WRITING_KEY=ERROR: An error occurred \
while attempting to export the private with alias ''{0}'':
INFO_MANAGE_CERTS_EXPORT_KEY_EXPORT_SUCCESSFUL=Successfully exported the \
private key.
ERR_MANAGE_CERTS_IMPORT_CERT_NO_CERTS_IN_FILE=ERROR: Certificate file \
''{0}'' does not contain any certificates to import.
ERR_MANAGE_CERTS_IMPORT_CERT_SELF_SIGNED_NOT_LAST=ERROR: There are multiple \
certificates to import, but they do not form a valid certificate chain. \
The certificate with subject DN ''{0}'' is self-signed, but it is not the \
last certificate in the set of certificates to import.
ERR_MANAGE_CERTS_IMPORT_CERT_NEXT_NOT_ISSUER_OF_PREV=ERROR: There are \
multiple certificates to import, but they do not form a valid certificate \
chain. {0}
ERR_MANAGE_CERTS_IMPORT_CERT_CANNOT_GET_ISSUER=ERROR: An error occurred \
while trying to retrieve issuer certificate ''{0}'' from the key store or \
the JVM''s default set of trusted issuers to complete the certificate chain:
WARN_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_WITH_AKI=WARNING: The certificate \
with subject ''{0}'' and subject key identifier ''{1}'' was not included in \
the set of certificates to import, is not already present in the key store, \
and is not included in the JVM''s default set of trusted issuers. When \
validating a certificate chain, many clients expect to be able to find all \
certificates in the chain. Although the import will continue, you are \
strongly encouraged to find this issuer certificate, and any other \
certificates higher up the issuer chain, and import those certificates as \
well.
WARN_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_NO_AKI=WARNING: The certificate with \
subject ''{0}'' was not included in the set of certificates to import, \
is not already present in the key store, and is not included in the JVM''s \
default set of trusted issuers. When validating a certificate chain, many \
clients expect to be able to find all certificates in the chain. Although \
the import will continue, you are strongly encouraged to find this issuer \
certificate, and any other certificates higher up the issuer chain, and \
import those certificates as well.
ERR_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_WITH_AKI=ERROR: The certificate \
with subject ''{0}'' and subject key identifier ''{1}'' was not included in \
the set of certificates to import, is not already present in the key store, \
and is not included in the JVM''s default set of trusted issuers. When \
importing a private key, or when importing a signed certificate into an \
alias with an existing private key, the entire certificate chain must be \
available. Please locate this issuer certificate, and any other \
certificates higher up the issuer chain, so that the complete chain can be \
imported.
ERR_MANAGE_CERTS_IMPORT_CERT_NO_ISSUER_NO_AKI=ERROR: The certificate with \
subject ''{0}'' was not included in the set of certificates to import, \
is not already present in the key store, and is not included in the JVM''s \
default set of trusted issuers. When importing a private key, or when \
importing a signed certificate into an alias with an existing private key, \
the entire certificate chain must be available. Please locate this issuer \
certificate, and any other certificates higher up the issuer chain, so that \
the complete chain can be imported.
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_PK_KEY_ALIAS_CONFLICT=ERROR: Unable to \
import the private key and certificate chain into alias ''{0}'' because \
that alias is already associated with another key in the key store.
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_PK_CERT_ALIAS_CONFLICT=ERROR: Unable to \
import the private key and certificate chain into alias ''{0}'' because \
that alias is already associated with another certificate in the key store.
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_PK_ALIAS_CONFLICT_ERROR=ERROR: \
An error occurred while trying to check for an existing key or certificate \
with alias ''{0}'' in the key store:
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_CONVERTING_KEY=ERROR: Unable to convert \
the PKCS #8 key read from file ''{0}'' into a Java PrivateKey object \
suitable for importing into the key store:
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_CONVERTING_CERT=ERROR: Unable to convert \
the X.509 certificate with subject ''{0}'' into a Java certificate object \
suitable for importing into the key store:
INFO_MANAGE_CERTS_IMPORT_CERT_CONFIRM_IMPORT_CHAIN_NEW_KEY=The following \
certificate chain will be imported into the key store, along with a private \
key, into alias ''{0}'':
INFO_MANAGE_CERTS_IMPORT_CERT_PROMPT_IMPORT_CHAIN=Do you want to import this \
certificate chain into the key store?
ERR_MANAGE_CERTS_IMPORT_CERT_CANCELED=The import operation was canceled and \
the key store was not updated.
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_UPDATING_KS_WITH_CHAIN=ERROR: An error \
occurred while attempting to set the key entry for alias ''{0}'' with the \
private key and certificate chain:
INFO_MANAGE_CERTS_IMPORT_CERT_CREATED_KEYSTORE=Successfully created a new {0} \
key store.
INFO_MANAGE_CERTS_IMPORT_CERT_IMPORTED_CHAIN_WITH_PK=Successfully imported \
the certificate chain and its associated private key.
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_CONFLICTING_CERT_ALIAS=ERROR: The key \
store already has a certificate with alias ''{0}''. Please choose a \
different alias for the certificate to import.
ERR_MANAGE_CERTS_IMPORT_CERT_INTO_KEY_ALIAS_CANNOT_GET_KEY=ERROR: The \
key store already contains a key with alias ''{0}'', but an error was \
encountered while attempting to retrieve that key and its associated \
certificate chain:
ERR_MANAGE_CERTS_IMPORT_CERT_INTO_KEY_ALIAS_KEY_MISMATCH=ERROR: The key \
store already contains a key pair and certificate chain with alias ''{0}'', \
and that key pair uses a different public key than the certificate to \
import. A certificate can only be imported into an alias with an existing \
key pair if the certificate uses the same public key.
INFO_MANAGE_CERTS_IMPORT_CERT_CONFIRM_IMPORT_CHAIN_EXISTING_KEY=The following \
certificate chain will be imported into the key store into alias ''{0}'', \
preserving the existing private key associated with that alias:
INFO_MANAGE_CERTS_IMPORT_CERT_IMPORTED_CHAIN_WITHOUT_PK=Successfully imported \
the certificate chain.
ERR_MANAGE_CERTS_IMPORT_CERT_WITH_CONFLICTING_ISSUER_ALIAS=ERROR: The import \
process would have resulted in issuer certificate ''{0}'' being assigned an \
alias of ''{1}'', which is already in use by another certificate or key in \
the key store. Please choose a different alias to use as the base of the \
certificate chain, or import the issuer certificates manually with aliases \
that do not conflict.
ERR_MANAGE_CERTS_IMPORT_CERT_ERROR_UPDATING_KS_WITH_CERT=ERROR: An error \
occurred while attempting to add certificate ''{0}'' with alias ''{1}'' to \
the key store:
INFO_MANAGE_CERTS_IMPORT_CERT_CONFIRM_IMPORT_CHAIN_NO_KEY=The following \
certificate chain will be imported into the key store:
INFO_MANAGE_CERTS_IMPORT_CERT_LABEL_ALIAS=Alias: {0}
ERR_MANAGE_CERTS_DELETE_CERT_ERROR_GETTING_CERT=ERROR: An error occurred \
while attempting to retrieve the certificate stored in alias ''{0}'':
ERR_MANAGE_CERTS_DELETE_CERT_ERROR_GETTING_CHAIN=ERROR: An error occurred \
while attempting to retrieve the certificate chain associated with the \
private key stored in alias ''{0}'':
ERR_MANAGE_CERTS_DELETE_CERT_ERROR_ALIAS_NOT_CERT_OR_KEY=ERROR: There is \
no certificate or key entry with alias ''{0}'' in the key store.
INFO_MANAGE_CERTS_DELETE_CERT_CONFIRM_DELETE_CERT=The following certificate \
will be deleted from the key store:
INFO_MANAGE_CERTS_DELETE_CERT_CONFIRM_DELETE_CHAIN=The following certificate \
chain will be deleted from the key store, along with its corresponding \
private key:
INFO_MANAGE_CERTS_DELETE_CERT_PROMPT_DELETE=Do you really want to delete this \
entry from the key store?
ERR_MANAGE_CERTS_DELETE_CERT_CANCELED=The delete operation was canceled and \
the key store was not updated.
ERR_MANAGE_CERTS_DELETE_CERT_DELETE_ERROR=ERROR: An error occurred when \
trying to delete the ''{0}'' entry from the key store:
INFO_MANAGE_CERTS_DELETE_CERT_DELETED_CERT=Successfully deleted the \
certificate from the key store.
INFO_MANAGE_CERTS_DELETE_CERT_DELETED_CHAIN=Successfully deleted the \
certificate chain and its associated private key from the key store.
ERR_MANAGE_CERTS_GEN_CERT_NO_FILE_WITH_DER=ERROR: An output file must be \
specified when using the binary DER output format.
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_WITHOUT_KS=ERROR: If the \
--use-existing-key-pair argument is provided, then the key store file must \
already exist.
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_KEY_ALG=ERROR: Unrecognized public key \
algorithm ''{0}''. Suggested key algorithm names include ''RSA'' and ''EC''.
ERR_MANAGE_CERTS_GEN_CERT_NO_KEY_SIZE_FOR_NON_RSA_KEY=ERROR: If the \
--key-algorithm argument is used to specify a key algorithm other than \
''RSA'', then the --key-size-bits argument must also be provided to specify \
the key size.
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG=ERROR: Unrecognized signature \
algorithm ''{0}''. Suggested signature algorithm names include \
''SHA256withRSA'', ''SHA384withRSA'', ''SHA512withRSA'', \
''SHA256withECDSA'', ''SHA384withECDSA'', and ''SHA512withECDSA''.
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CERT=ERROR: The existing \
certificate uses an unrecognized signature algorithm with OID ''{0}''.
ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CSR=ERROR: The existing \
certificate signing request uses an unrecognized signature algorithm with \
OID ''{0}''.
ERR_MANAGE_CERTS_GEN_CERT_NO_SIG_ALG_FOR_NON_RSA_KEY=ERROR: If the \
--key-algorithm argument is used to specify a key algorithm other than \
''RSA'', then the --signature-algorithm argument must also be provided to \
specify the signature algorithm.
ERR_MANAGE_CERTS_GEN_CERT_BC_PATH_LENGTH_WITHOUT_CA=ERROR: The \
--basic-constraints-path-length argument cannot be used unless the \
--basic-constraints-is-ca argument is also provided with a value of ''true''.
ERR_MANAGE_CERTS_GEN_CERT_INVALID_KEY_USAGE=ERROR: Invalid value ''{0}'' \
provided for the --key-usage argument. Allowed values are: \
''digital-signature'', ''non-repudiation'', ''key-encipherment'', \
''data-encipherment'', ''key-agreement'', ''key-cert-sign'', ''crl-sign'', \
''encipher-only'', and ''decipher-only''.
ERR_MANAGE_CERTS_GEN_CERT_INVALID_EXTENDED_KEY_USAGE=ERROR: Invalid value \
''{0}'' provided for the --extended-key-usage argument. Allowed values \
are: ''server-auth'', ''client-auth'', ''code-signing'', \
''email-protection'', ''time-stamping'', and ''ocsp-signing'', or the \
string representation of any valid object identifier.
ERR_MANAGE_CERTS_GEN_CERT_EXTENDED_KEY_USAGE_ERROR=ERROR: Unable to create \
an extended key usage extension with the provided values:
ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED_OID=ERROR: Unable to create an \
extension from value ''{0}'' because it has a malformed OID ''{1}'' that is \
not a strictly valid object identifier.
ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_CRITICALITY=ERROR: Unable to create an \
extension from value ''{0}'' because the criticality value ''{1}'' could \
not be parsed as a Boolean value. The criticality should be either \
''true'' or ''false'' (without the single quotes).
ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_VALUE=ERROR: Unable to create an \
extension from value ''{0}'' because the value portion could not be parsed \
as a valid hexadecimal string with an even number of characters.
ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED=ERROR: Unable to create an extension \
from value ''{0}'' because that value could not be parsed in the form \
''oid:criticality:value'', where oid is the object identifier for the \
extension, criticality is either ''true'' or ''false'', and value is the \
hexadecimal representation of the bytes to include in the extension value.
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_ALIAS_IS_CERT=ERROR: Alias ''{0}'' \
in key store ''{1}'' is associated with a certificate entry that does not \
include a private key. The --use-existing-key-pair argument can only be \
used with an alias that represents a private key entry.
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_NO_SUCH_ALIAS=ERROR: Alias ''{0}'' \
does not exist in key store ''{1}''.
ERR_MANAGE_CERTS_GEN_CERT_USE_EXISTING_KP_COULD_NOT_GET_CERT=ERROR: An error \
occurred while attempting to retrieve the certificate and corresponding \
key pair at the head of the chain stored in alias ''{0}'':
ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT=ERROR: An error occurred \
while trying to generate a self-signed certificate with the provided \
settings:
ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE=ERROR: An error occurred \
while attempting to write the updated key store:
ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR=ERROR: An error occurred \
while trying to generate a certificate signing request with the provided \
settings:
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR=ERROR: An error occurred while \
trying to write the generated certificate signing request:
ERR_MANAGE_CERTS_GEN_CERT_NO_SUBJECT_DN_WITHOUT_USE_EXISTING_KP=ERROR: The \
--subject-dn argument must be provided unless the --use-existing-key-pair \
argument is provided.
ERR_MANAGE_CERTS_GEN_CERT_ALIAS_EXISTS_WITHOUT_USE_EXISTING_KP=ERROR: Alias \
''{0}'' is already in use in the key store. The specified alias must not \
exist unless the --use-existing-key-pair argument is also provided.
INFO_MANAGE_CERTS_GEN_CERT_CERT_CREATED_KEYSTORE=Successfully created a new \
{0} key store.
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT=Successfully \
generated the following self-signed certificate:
INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE=Successfully wrote the \
generated certificate to file ''{0}''.
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT=ERROR: An error occurred while \
attempting to write the generated certificate to file ''{0}'':
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR=Successfully wrote the \
certificate signing request to file ''{0}''.
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_KEYPAIR=Successfully \
generated the key pair to use for the certificate signing request.
ERR_MANAGE_CERTS_GEN_CERT_SIGN_ALIAS_IS_CERT=ERROR: Alias ''{0}'' in \
key store ''{1}'' is associated with a certificate entry that does not \
include a private key. The signing certificate must have a private key.
ERR_MANAGE_CERTS_GEN_CERT_SIGN_NO_SUCH_ALIAS=ERROR: Alias ''{0}'' does \
not exist in key store ''{1}''. The signing certificate must exist and must \
have a private key.
ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANNOT_GET_SIGNING_CERT=ERROR: An error \
occurred while attempting to retrieve the signing certificate and its \
corresponding key pair with alias ''{0}'' from the key store:
INFO_MANAGE_CERTS_GEN_CERT_SIGN_CONFIRM=Read the following certificate \
signing request:
INFO_MANAGE_CERTS_GEN_CERT_PROMPT_SIGN=Do you really want to sign this request?
ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANCELED=The operation was canceled and the \
certificate signing request was not signed.
ERR_MANAGE_CERTS_GEN_CERT_ERROR_SIGNING_CERT=ERROR: An error occurred \
while trying to generate a signed certificate with the provided settings:
ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_SIGNED_CERT=ERROR: An error occurred \
while trying to write the signed certificate:
INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_SIGNED_CERT=Successfully wrote the \
signed certificate to file ''{0}''.
ERR_MANAGE_CERTS_CHANGE_ALIAS_NO_SUCH_ALIAS=ERROR: The key store does not \
have an existing entry with alias ''{0}''.
ERR_MANAGE_CERTS_CHANGE_ALIAS_CANNOT_GET_EXISTING_ENTRY=ERROR: An error \
occurred while attempting to retrieve the contents of the existing entry \
with alias ''{0}''
ERR_MANAGE_CERTS_CHANGE_ALIAS_NEW_ALIAS_IN_USE=ERROR: The key store already \
has an entry with alias ''{0}''.
ERR_MANAGE_CERTS_CHANGE_ALIAS_CANNOT_UPDATE_KEYSTORE=ERROR: An error \
occurred while attempting to update the key store to set the new alias:
INFO_MANAGE_CERTS_CHANGE_ALIAS_SUCCESSFUL=Successfully changed the alias from \
''{0}'' to ''{1}''.
INFO_MANAGE_CERTS_CHANGE_KS_PW_SUCCESSFUL=Successfully changed the password \
for key store ''{0}''.
ERR_MANAGE_CERTS_CHANGE_PK_PW_ALIAS_IS_CERT=ERROR: Alias ''{0}'' references \
a certificate entry for which there is no private key. You can only change \
the private key password for entries that have a private key.
ERR_MANAGE_CERTS_CHANGE_PK_PW_NO_SUCH_ALIAS=ERROR: Alias ''{0}'' does not \
exist in the key store.
ERR_MANAGE_CERTS_CHANGE_PK_PW_WRONG_PK_PW=ERROR: Unable to retrieve the \
private key stored in alias ''{0}''. The most likely reason is that the \
provided current private key password is incorrect.
ERR_MANAGE_CERTS_CHANGE_PK_PW_CANNOT_GET_PK=ERROR: An error occurred while \
attempting to retrieve the private key stored in alias ''{0}'':
ERR_MANAGE_CERTS_CHANGE_PK_PW_CANNOT_UPDATE_KS=ERROR: An error occurred \
while attempting to update the key store:
INFO_MANAGE_CERTS_CHANGE_PK_PW_SUCCESSFUL=Successfully changed the private \
key password for alias ''{0}''.
ERR_MANAGE_CERTS_COPY_KS_NO_SUCH_SOURCE_ALIAS=ERROR: No entry exists with \
alias ''{0}'' in source key store ''{1}''.
ERR_MANAGE_CERTS_COPY_KS_CANNOT_GET_SOURCE_ALIASES=ERROR: Unable to retrieve \
information about available aliases from source key store ''{0}'': {1}
INFO_MANAGE_CERTS_COPY_KS_NO_CERTS_COPIED_EXISTING_KS=Source key store \
''{0}'' does not contain any certificates to copy, and destination key \
store ''{1}'' already exists. No changes are required.
ERR_MANAGE_CERTS_COPY_KS_CONFLICTING_ALIAS=ERROR: An entry with alias \
''{0}'' already exists in destination key store ''{1}''. The {2} \
subcommand cannot be used to overwrite existing entries in the destination \
key store.
ERR_MANAGE_CERTS_COPY_KS_CANNOT_CHECK_DEST_ALIAS=ERROR: Unable to check \
whether an entry already exists in destination key store ''{0}'' with \
alias ''{1}'': {2}
ERR_MANAGE_CERTS_COPY_KS_ERROR_COPYING_ENTRY=ERROR: Unable to copy the \
entry with alias ''{0}'' from source key store ''{1}'' to destination key \
store ''{2}'': {3}
INFO_MANAGE_CERTS_COPY_KS_NO_CERTS_COPIED_KS_CREATED=Source key store ''{0}'' \
does not contain any certificates to copy, but new, empty {1} destination \
key store ''{2}'' was successfully created.
INFO_MANAGE_CERTS_COPY_KS_CERTS_COPIED_HEADER=Successfully copied the \
following entries from source key store ''{0}'' to {1} destination key \
store ''{2}'':
ERR_MANAGE_CERTS_RETRIEVE_CERT_NO_CERT_CHAIN_RECEIVED=ERROR: Did not \
receive the certificate chain from {0} after waiting for up to 90 seconds.
ERR_MANAGE_CERTS_RETRIEVE_CERT_EMPTY_CHAIN=ERROR: Received an empty \
certificate chain from the server.
ERR_MANAGE_CERTS_RETRIEVE_CERT_CANNOT_WRITE_TO_FILE=An error occurred while \
attempting to write certificate information to file ''{0}'': {1}
INFO_MANAGE_CERTS_RETRIEVE_CERT_DISPLAY_HEADER=Certificate {0,number,0} of \
{1,number,0} in the chain:
ERR_MANAGE_CERTS_TRUST_SERVER_ALIAS_IN_USE=ERROR: Alias ''{0}'' is already \
in use in the key store.
ERR_MANAGE_CERTS_TRUST_SERVER_NO_CERT_CHAIN_RECEIVED=ERROR: Did not \
receive the certificate chain from {0} after waiting for up to 90 seconds.
INFO_MANAGE_CERTS_TRUST_SERVER_RETRIEVED_CHAIN=Retrieved the following \
certificate chain from {0}:
INFO_MANAGE_CERTS_TRUST_SERVER_NOTE_OMITTED=NOTE: The following certificate \
will not be added to the key store because the --issuers-only argument was \
provided:
INFO_MANAGE_CERTS_TRUST_SERVER_PROMPT_TRUST=Do you wish to trust this \
certificate chain and add the certificates into the trust store?
ERR_MANAGE_CERTS_TRUST_SERVER_CHAIN_REJECTED=The server certificate chain was \
rejected and the key store has not been updated.
ERR_MANAGE_CERTS_TRUST_SERVER_INVALID_PROMPT_RESPONSE=ERROR: You must enter \
either ''yes'' to trust the certificate chain and add it into the key \
store, or ''no'' to reject it and exit.
ERR_MANAGE_CERTS_TRUST_SERVER_CANNOT_READ_PROMPT_RESPONSE=ERROR: Unable to \
read the response to the prompt:
ERR_MANAGE_CERTS_TRUST_SERVER_ERROR_ADDING_CERT_TO_KS=ERROR: An error \
occurred while trying to add certificate ''{0}'' to the key store:
INFO_MANAGE_CERTS_TRUST_SERVER_CERT_CREATED_KEYSTORE=Successfully created a \
new {0} key store.
INFO_MANAGE_CERTS_TRUST_SERVER_ADDED_CERT_TO_KS=Successfully added 1 \
certificate to the key store.
INFO_MANAGE_CERTS_TRUST_SERVER_ADDED_CERTS_TO_KS=Successfully added \
{0,number,0} certificates to the key store.
ERR_MANAGE_CERTS_CHECK_USABILITY_CANNOT_GET_CHAIN=ERROR: An error occurred \
while retrieving the certificate chain contained in the key entry with \
alias ''{0}'':
INFO_MANAGE_CERTS_CHECK_USABILITY_GOT_CHAIN=Successfully retrieved the \
certificate chain for alias ''{0}'':
ERR_MANAGE_CERTS_CHECK_USABILITY_NO_PRIVATE_KEY=ERROR: Alias ''{0}'' \
contains only a certificate entry with no corresponding private key. A \
server certificate must have both a private key and a certificate chain.
ERR_MANAGE_CERTS_CHECK_USABILITY_NO_SUCH_ALIAS=ERROR: Alias ''{0}'' does not \
exist in the key store.
WARN_MANAGE_CERTS_CHECK_USABILITY_CERT_IS_SELF_SIGNED=WARNING: Certificate \
''{0}'' is self-signed. While this is valid and will yield encryption that \
is just as strong as if the certificate had been signed by another \
certificate, self-signed certificates can encourage bad behavior among \
clients because rather than configuring the client with explicit knowledge \
of the server certificate, the client might be configured to blindly trust \
any certificate that is presented to it, which leaves that communication \
vulnerable to man-in-the-middle attacks. It is recommended that server \
certificates be signed by a common issuer so that clients can be configured \
to trust that issuer certificate, and they can automatically trust any \
certificate signed by that issuer.
ERR_MANAGE_CERTS_CHECK_USABILITY_END_OF_CHAIN_NOT_SELF_SIGNED=ERROR: The \
certificate chain stored in alias ''{0}'' is not complete because it does \
not end with a self-signed certificate.
ERR_MANAGE_CERTS_CHECK_USABILITY_CHAIN_ISSUER_MISMATCH=ERROR: The \
certificate chain stored in alias ''{0}'' is not valid because the \
certificates in it do not constitute a single continuous change. The \
certificate with subject ''{1}'' is not the issuer certificate for the \
certificate with subject ''{2}'' that immediately precedes it in the \
chain: {3}
INFO_MANAGE_CERTS_CHECK_USABILITY_CHAIN_COMPLETE=OK: The certificate chain \
is complete. Each subsequent certificate is the issuer for the previous \
certificate in the chain, and the chain ends with a self-signed certificate.
INFO_MANAGE_CERTS_CHECK_USABILITY_CA_TRUSTED_OK=OK: CA certificate ''{0}'' \
was found in the JVM''s default set of trusted certificates. Most clients \
will likely trust this issuer.
INFO_MANAGE_CERTS_CHECK_USABILITY_CA_NOT_IN_JVM_DEFAULT_TS=NOTICE: CA \
certificate ''{0}'' was not found in the JVM''s default set of trusted \
certificates. Clients will likely need special configuration to trust this \
certificate chain.
WARN_MANAGE_CERTS_CHECK_USABILITY_CHECK_CA_IN_TS_ERROR=WARNING: An error \
occurred while attempting to determine whether CA certificate ''{0}'' is \
contained in the JVM-default trust store: {1}
INFO_MANAGE_CERTS_CHECK_USABILITY_CERT_SIGNATURE_VALID=OK: Certificate \
''{0}'' has a valid signature.
ERR_MANAGE_CERTS_CHECK_USABILITY_END_CERT_NOT_YET_VALID=ERROR: Certificate \
''{0}'' is not yet valid. It will not be valid until {1}.
ERR_MANAGE_CERTS_CHECK_USABILITY_ISSUER_CERT_NOT_YET_VALID=ERROR: Issuer \
certificate ''{0}'' is not yet valid. It will not be valid until {1}.
ERR_MANAGE_CERTS_CHECK_USABILITY_END_CERT_EXPIRED=ERROR: Certificate \
''{0}'' expired at {1}.
ERR_MANAGE_CERTS_CHECK_USABILITY_ISSUER_CERT_EXPIRED=ERROR: Issuer \
certificate ''{0}'' expired at {1}.
WARN_MANAGE_CERTS_CHECK_USABILITY_END_CERT_NEAR_EXPIRATION=WARNING: \
Certificate ''{0}'' will expire at {1}. To ensure seamless operation, you \
will need to renew the certificate before that time.
WARN_MANAGE_CERTS_CHECK_USABILITY_ISSUER_CERT_NEAR_EXPIRATION=WARNING: \
Issuer certificate ''{0}'' will expire at {1}. Clients will stop trusting \
a certificate once its issuer has expired. To ensure seamless operation, \
you will need to renew the certificate before that time and ensure that the \
new certificate is signed by an issuer that will not expire in the near \
future.
INFO_MANAGE_CERTS_CHECK_USABILITY_END_CERT_VALIDITY_OK=OK: Certificate \
''{0}'' will expire at {1}, which is not in the near future.
INFO_MANAGE_CERTS_CHECK_USABILITY_ISSUER_CERT_VALIDITY_OK=OK: Issuer \
certificate ''{0}'' will expire at {1}, which is not in the near future.
ERR_MANAGE_CERTS_CHECK_USABILITY_END_CERT_BAD_EKU=ERROR: Certificate ''{0}'' \
at the head of the chain includes an extended key usage extension, but \
that extension does not include the ''serverAuth'' usage. Clients that \
check this extension will not accept the certificate as a TLS server \
certificate.
INFO_MANAGE_CERTS_CHECK_USABILITY_END_CERT_GOOD_EKU=OK: Certificate ''{0}'' \
at the head of the chain includes an extended key usage extension, and \
that extension includes the ''serverAuth'' usage.
ERR_MANAGE_CERTS_CHECK_USABILITY_ISSUER_CERT_BAD_BC_CA=ERROR: Issuer \
certificate ''{0}'' includes a basic constraints extension that indicates \
the certificate is not permitted to act as a certification authority. \
Clients that check this extension will not accept the certificate chain.
ERR_MANAGE_CERTS_CHECK_USABILITY_ISSUER_CERT_BAD_BC_LENGTH=ERROR: Issuer \
certificate ''{0}'' includes a basic constraints extension with a path \
length value of {1,number,0}, which means that there must not be more than \
{1,number,0} intermediate certificate(s) between that certificate and \
the subject certificate. However, the number of intermediate certificates \
between subject certificate ''{2}'' and issuer certificate ''{0}'' is \
{3,number,0}. Clients that check this extension will likely not accept the \
certificate chain.
INFO_MANAGE_CERTS_CHECK_USABILITY_ISSUER_CERT_GOOD_BC=OK: Issuer \
certificate ''{0}'' includes a basic constraints extension, and the \
certificate chain satisfies those constraints.
ERR_MANAGE_CERTS_CHECK_USABILITY_ISSUER_NO_CERT_SIGN_KU=ERROR: Issuer \
certificate ''{0}'' includes a key usage extension, but that extension does \
not have the keyCertSign usage flag set to true. Clients that check this \
extension will not trust it to sign other certificates.
INFO_MANAGE_CERTS_CHECK_USABILITY_ISSUER_GOOD_KU=OK: Issuer certificate \
''{0}'' includes a key usage extension with the keyCertSign usage flag set \
to true.
WARN_MANAGE_CERTS_CHECK_USABILITY_NO_EKU=WARNING: Certificate ''{0}'' does \
not have an extended key usage extension. It is generally recommended that \
TLS server certificates have an extended key usage extension with at least \
the serverAuth usage ID.
WARN_MANAGE_CERTS_CHECK_USABILITY_NO_BC=WARNING: Issuer certificate ''{0}'' \
does not have a basic constraints extension. It is generally recommended \
that all issuer certificates have this extension to indicate that they \
are permitted to act as a certification authority.
WARN_MANAGE_CERTS_CHECK_USABILITY_NO_KU=WARNING: Issuer certificate ''{0}'' \
does not have a key usage extension. It is generally recommended that all \
issuer certificates have this extension with at least the keyCertSign \
usage to indicate that they are allowed to sign other certificates.
WARN_MANAGE_CERTS_CHECK_USABILITY_UNKNOWN_SIG_ALG=WARNING: Certificate \
''{0}'' uses a signature algorithm of ''{1}'', which is not a recognized \
algorithm. Unable to determine the strength of the signature algorithm.
ERR_MANAGE_CERTS_CHECK_USABILITY_WEAK_SIG_ALG=ERROR: Certificate ''{0}'' \
uses a signature algorithm of ''{1}'', which is considered weak. Some \
clients may not accept certificates with this signature algorithm.
WARN_MANAGE_CERTS_CHECK_USABILITY_ISSUER_WITH_SHA1_SIG=WARNING: Issuer \
certificate ''{0}'' uses a signature algorithm of ''{1}'', which uses the \
weak SHA-1 message digest. Many clients will not accept server \
certificates with this signature algorithm, and some may not accept issuer \
certificates with this algorithm. However, this is not considered an error \
because the ''{2}'' argument was provided.
INFO_MANAGE_CERTS_CHECK_USABILITY_SIG_ALG_OK=OK: Certificate ''{0}'' uses a \
signature algorithm of ''{1}'', which is considered strong.
ERR_MANAGE_CERTS_CHECK_USABILITY_WEAK_RSA_MODULUS=ERROR: Certificate ''{0}'' \
has a {1,number,0}-bit RSA public key, which is considered weak. RSA keys \
should have a size of at least 2048 bits.
INFO_MANAGE_CERTS_CHECK_USABILITY_RSA_MODULUS_OK=OK: Certificate ''{0}'' \
has a {1,number,0}-bit RSA public key, which is considered strong.
ERR_MANAGE_CERTS_CHECK_USABILITY_ONE_ERROR=1 usability error was identified \
while validating the certificate chain.
ERR_MANAGE_CERTS_CHECK_USABILITY_MULTIPLE_ERRORS={0,number,0} usability \
errors were identified while validating the certificate chain.
ERR_MANAGE_CERTS_CHECK_USABILITY_ONE_WARNING=No usability errors were \
identified while validating the certificate chain, but 1 usability warning \
was identified.
ERR_MANAGE_CERTS_CHECK_USABILITY_MULTIPLE_WARNINGS=No usability errors were \
identified while validating the certificate chain, but {0,number,0} \
usability warnings were identified.
INFO_MANAGE_CERTS_CHECK_USABILITY_NO_ERRORS_OR_WARNINGS=No usability errors \
or warnings were identified while validating the certificate chain.
INFO_MANAGE_CERTS_DISPLAY_CERT_NO_CERTS=There are no certificates in file \
''{0}''.
INFO_MANAGE_CERTS_APPROXIMATE_KEYTOOL_COMMAND=# Approximately equivalent \
keytool command:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_SUBJECT_DN=Subject DN: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_ISSUER_DN=Issuer DN: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_VALIDITY_START=Validity Start Time: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_VALIDITY_END=Validity End Time: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_VALIDITY_STATE_VALID=Validity State: The \
certificate is currently within the validity window.
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_VALIDITY_STATE_NOT_YET_VALID=Validity \
State: The certificate is not yet valid.
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_VALIDITY_STATE_EXPIRED=Validity State: \
The certificate is expired.
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_FINGERPRINT={0} Fingerprint: {1}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_VERSION=X.509 Certificate Version: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_SERIAL_NUMBER=Serial Number: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_SIG_ALG=Signature Algorithm: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_SIG_VALUE=Signature Value:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_PK_ALG=Public Key Algorithm: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_ENCODED_PK=Encoded Public Key:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_RSA_MODULUS={0,number,0}-bit RSA Modulus:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_RSA_EXPONENT=RSA Public Exponent: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_RSA_KEY_SIZE=RSA Key Size: {0,number,0} \
bits
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_CURVE=Elliptic Curve Named Curve: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_IS_COMPRESSED=Elliptic Curve Public Key \
Is Compressed: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_X=Elliptic Curve X-Coordinate: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_Y=Elliptic Curve Y-Coordinate: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EC_Y_IS_EVEN=Elliptic Curve Y-Coordinate \
Is Even: {0}
INFO_MANAGE_CERTS_GET_PK_SUMMARY_RSA_MODULUS_SIZE={0,number,0}-bit
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_SUBJECT_UNIQUE_ID=Subject Unique Identifier:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_ISSUER_UNIQUE_ID=Issuer Unique Identifier:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXTENSIONS=Certificate Extensions:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_OID=OID: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_IS_CRITICAL=Is Critical: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_AUTH_KEY_ID_EXT=Authority Key \
Identifier Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_AUTH_KEY_ID_ID=Key Identifier:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_AUTH_KEY_ID_ISSUER=Authority \
Certificate Issuer:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_AUTH_KEY_ID_SERIAL=Authority \
Certificate Serial Number: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_BASIC_CONST_EXT=Basic Constraints \
Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_BASIC_CONST_IS_CA=Is CA: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_BASIC_CONST_LENGTH=Path Length \
Constraint: {0,number,0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_CRL_DP_EXT=CRL Distribution Points \
Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_CRL_DP_HEADER=CRL Distribution Point:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_CRL_DP_FULL_NAME=Full Name:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_CRL_DP_REL_NAME=Name Relative to CRL \
Issuer: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_CRL_DP_REASON=Potential Revocation \
Reasons:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_CRL_DP_CRL_ISSUER=CRL Issuer:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_EKU_EXT=Extended Key Usage Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_EKU_ID=Key Purpose ID: {0}
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_IAN_EXT=Issuer Alternative Name \
Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_EXT=Key Usage Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_USAGES=Key Usages:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_DS=Digital Signature
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_NR=Non-Repudiation
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_KE=Key Encipherment
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_DE=Data Encipherment
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_KA=Key Agreement
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_KCS=Key Cert Sign
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_CRL_SIGN=CRL Sign
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_EO=Encipher Only
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_KU_DO=Decipher Only
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_SAN_EXT=Subject Alternative Name \
Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_SKI_EXT=Subject Key Identifier \
Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_SKI_ID=Key Identifier:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_GENERIC=Extension:
INFO_MANAGE_CERTS_PRINT_CERT_LABEL_EXT_VALUE=Extension Value:
INFO_MANAGE_CERTS_PRINT_CSR_LABEL_VERSION=PKCS #10 Certificate Signing \
Request Version: {0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_DNS=DNS Name: {0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_IP=IP Address: {0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_RFC_822_NAME=RFC 822 Name (Email \
Address): {0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_DIRECTORY_NAME=Directory Name: {0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_URI=URI: {0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_REGISTERED_ID=Registered ID: {0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_OTHER_NAME_COUNT=Other Name Count: \
{0,number,0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_X400_ADDR_COUNT=X.400 Address Count: \
{0,number,0}
INFO_MANAGE_CERTS_GENERAL_NAMES_LABEL_EDI_PARTY_NAME_COUNT=EDI Party Name \
Count: {0,number,0}
ERR_MANAGE_CERTS_CANNOT_INVOKE_COMMAND=ERROR: An error occurred while trying \
to invoke the ''{0}'' command:
ERR_MANAGE_CERTS_ERROR_WAITING_FOR_COMMAND=ERROR: An error occurred while \
waiting for the ''{0}'' command to complete:
ERR_MANAGE_CERTS_GET_KS_PW_TOO_SHORT=ERROR: The specified key store password \
is too short. The password must contain at least six characters.
ERR_MANAGE_CERTS_GET_KS_PW_EMPTY_FILE=ERROR: Unable to read the key store \
password from file ''{0}'' because the file is empty. The file must have \
exactly one line, consisting only of the clear-text key store password.
ERR_MANAGE_CERTS_GET_KS_PW_MULTI_LINE_FILE=ERROR: Unable to read the \
key store password from file ''{0}'' because the file has multiple lines. \
The file must have exactly one line, consisting only of the clear-text \
key store password.
ERR_MANAGE_CERTS_GET_KS_PW_ERROR_READING_FILE=ERROR: An error occurred while \
attempting to read the key store password from file ''{0}'': {1}
INFO_MANAGE_CERTS_KEY_KS_PW_EXISTING_CURRENT_PROMPT=Please enter the current \
password needed to access key store ''{0}'':
INFO_MANAGE_CERTS_KEY_KS_PW_EXISTING_NEW_PROMPT=Please enter the new password \
for the key store:
INFO_MANAGE_CERTS_KEY_KS_PW_EXISTING_PROMPT=Please enter the password needed \
to access key store ''{0}'':
INFO_MANAGE_CERTS_KEY_KS_PW_NEW_PROMPT_1=Please enter the password to use \
to protect the contents of key store ''{0}'':
INFO_MANAGE_CERTS_KEY_KS_PW_NEW_PROMPT_2=Confirm the key store password:
ERR_MANAGE_CERTS_KEY_KS_PW_PROMPT_MISMATCH=ERROR: The provided passwords do \
not match.
ERR_MANAGE_CERTS_GET_PK_ENC_PW_ERROR_READING_FILE=ERROR: An error occurred \
while attempting to read the private key encryption password from file \
''{0}'': {1}
INFO_MANAGE_CERTS_GET_PK_ENC_PW_PROMPT_DECRYPT=Enter the password used to \
encrypt the private key:
INFO_MANAGE_CERTS_GET_PK_ENC_PW_PROMPT_ENCRYPT_1=Enter the password to use to \
encrypt the private key:
INFO_MANAGE_CERTS_GET_PK_ENC_PW_PROMPT_ENCRYPT_2=Confirm the private key \
encryption password:
INFO_MANAGE_CERTS_GET_PK_ENC_PW_PROMPT_MISMATCH=ERROR: The private key \
encryption passwords do not match.
ERR_MANAGE_CERTS_PROMPT_FOR_PW_EMPTY_PW=ERROR: The password must not be empty.
ERR_MANAGE_CERTS_PROMPT_FOR_YES_NO_INVALID_RESPONSE=ERROR: Your response \
must be either ''yes'' or ''no''.
ERR_MANAGE_CERTS_PROMPT_FOR_YES_NO_READ_ERROR=ERROR: An error occurred while \
trying to read the response from standard input: {0}
ERR_MANAGE_CERTS_GET_PK_PW_TOO_SHORT=ERROR: The specified private key \
password is too short. The password must contain at least six characters.
ERR_MANAGE_CERTS_GET_PK_PW_EMPTY_FILE=ERROR: Unable to read the private key \
password from file ''{0}'' because the file is empty. The file must have \
exactly one line, consisting only of the clear-text private key password.
ERR_MANAGE_CERTS_GET_PK_PW_MULTI_LINE_FILE=ERROR: Unable to read the \
private key password from file ''{0}'' because the file has multiple \
lines. The file must have exactly one line, consisting only of the \
clear-text private key password.
ERR_MANAGE_CERTS_GET_PK_PW_ERROR_READING_FILE=ERROR: An error occurred while \
attempting to read the private key password from file ''{0}'': {1}
INFO_MANAGE_CERTS_GET_PK_PW_CURRENT_PROMPT=Please enter the current private \
key password for alias ''{0}'':
INFO_MANAGE_CERTS_GET_PK_PW_EXISTING_PROMPT=Please enter the password used \
to encrypt the private key for alias ''{0}'':
INFO_MANAGE_CERTS_GET_PK_PW_NEW_PROMPT=Please enter the new private key \
password:
INFO_MANAGE_CERTS_GET_PK_PW_NEW_PROMPT_1=Please enter the password to use \
to protect the private key for alias ''{0}'':
INFO_MANAGE_CERTS_GET_PK_PW_NEW_PROMPT_2=Confirm the new private key password:
ERR_MANAGE_CERTS_GET_PK_PW_PROMPT_MISMATCH=ERROR: The provided passwords do \
not match.
ERR_MANAGE_CERTS_GET_PK_PW_PROMPT_ERROR=ERROR: An error occurred while \
attempting to prompt for the private key password for alias ''{0}'': {1}
ERR_MANAGE_CERTS_INFER_KS_TYPE_EMPTY_FILE=ERROR: Unable to infer the \
key store type for the key store held in file ''{0}'' because that file is \
empty and cannot represent a valid JKS, PKCS #12, or BCFKS key store.
ERR_MANAGE_CERTS_INFER_KS_TYPE_UNEXPECTED_FIRST_BYTE=ERROR: Unable to infer \
the key store type for the key store held in file ''{0}'' because the file \
had a first byte of {1}, which is not the expected first byte of a JKS, \
PKCS #12, or BCFKS key store.
ERR_MANAGE_CERTS_INFER_KS_TYPE_ERROR_READING_FILE=ERROR: Unable to infer the \
type for file ''{0}'' because an error occurred while reading from the \
file: {1}
ERR_MANAGE_CERTS_CANNOT_INSTANTIATE_KS_TYPE=ERROR: Unable to instantiate a \
key store of type ''{0}'': {1}
ERR_MANAGE_CERTS_CANNOT_OPEN_KS_FILE_FOR_READING=ERROR: Unable to open \
key store file ''{0}'' for reading: {1}
ERR_MANAGE_CERTS_CANNOT_LOAD_KS_WRONG_PW=ERROR: Unable to load the contents \
of key store file ''{0}'' because the correct key store password was not \
provided. Please provide the correct key store password.
ERR_MANAGE_CERTS_ERROR_CANNOT_LOAD_KS=ERROR: An error occurred while trying \
to load the contents of the key store from file ''{0}'': {1}
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_READ_ERROR=ERROR: An error occurred \
while attempting to read the certificates from file ''{0}'': {1}
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_DER_NOT_VALID_ASN1=ERROR: Unable to \
read an ASN.1 DER element from certificate file ''{0}'': {1}
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_DER_NOT_VALID_CERT=ERROR: Unable to \
decode a DER element read from certificate file ''{0}'' as an X.509 \
certificate: {1}
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_MULTIPLE_BEGIN=ERROR: Unable to read a \
PEM-encoded certificate from file ''{0}'' because the file contains \
multiple ''BEGIN CERTIFICATE'' headers without an ''END CERTIFICATE'' \
footer between them.
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_END_WITHOUT_BEGIN=ERROR: Unable to \
read a PEM-encoded certificate from file ''{0}'' because the file contains \
an ''END CERTIFICATE'' footer without a corresponding ''BEGIN CERTIFICATE'' \
header.
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_DATA_WITHOUT_BEGIN=ERROR: Unable to \
read a PEM-encoded certificate from file ''{0}'' because the file contains \
a non-empty, non-comment line that does not appear between a ''BEGIN \
CERTIFICATE'' header and an ''END CERTIFICATE'' footer.
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_EOF_WITHOUT_END=ERROR: Unable to \
read a PEM-encoded certificate from file ''{0}'' because the end of the \
file was reached before finding an ''END CERTIFICATE'' footer to mark the \
end of the current certificate.
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_PEM_CERT_NOT_BASE64=ERROR: Unable to \
read a PEM-encoded certificate from file ''{0}'' because the data read \
between a ''BEGIN CERTIFICATE'' header and an ''END CERTIFICATE'' footer is \
not valid base64-encoded data: {0}
ERR_MANAGE_CERTS_READ_CERTS_FROM_FILE_PEM_CERT_NOT_CERT=ERROR: Unable to \
read a PEM-encoded certificate from file ''{0}'' because the data read \
between a ''BEGIN CERTIFICATE'' header and an ''END CERTIFICATE'' footer \
could not be parsed as a valid X.509 certificate: {1}
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_EMPTY_FILE=ERROR: Unable to read a \
private key from file ''{0}'' because the file is empty or does not contain \
a private key.
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_DER_NOT_VALID_ASN1=ERROR: Unable to read \
an ASN.1 DER element from private key file ''{0}'': {1}
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_DER_NOT_VALID_PK=ERROR: Unable to decode \
a DER element read from certificate file ''{0}'' as an PKCS #8 private \
key: {1}
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_MULTIPLE_KEYS=ERROR: Unable to read a \
private key from file ''{0}'' because that file contains multiple keys. \
The private key file is only allowed to have a single private key.
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_MULTIPLE_BEGIN=ERROR: Unable to read a \
PEM-encoded private key from file ''{0}'' because the file contains \
multiple ''BEGIN PRIVATE KEY'' headers. A private key file may only \
contain a single private key.
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_PK_ENCRYPTED_NO_PW=ERROR: File ''{0}'' \
appears to contain the PEM representation of an encrypted private key, but \
no encryption password was provided. Use one of the --encryption-password, \
--encryption-password-file, or --prompt-for-encryption-password arguments to \
specify the encryption password.
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_END_WITHOUT_BEGIN=ERROR: Unable to read \
a PEM-encoded private key from file ''{0}'' because the file contains an \
''END PRIVATE KEY'' footer without a corresponding ''BEGIN PRIVATE KEY'' \
header.
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_DATA_WITHOUT_BEGIN=ERROR: Unable to read \
a PEM-encoded private key from file ''{0}'' because the file contains \
a non-empty, non-comment line that does not appear between a ''BEGIN \
PRIVATE KEY'' header and an ''END PRIVATE KEY'' footer.
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_EOF_WITHOUT_END=ERROR: Unable to read a \
PEM-encoded private key from file ''{0}'' because the end of the file was \
reached before finding an ''END PRIVATE KEY'' footer to mark the end of the \
key.
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_PEM_PK_NOT_BASE64=ERROR: Unable to read a \
PEM-encoded private key from file ''{0}'' because the data read between a \
''BEGIN PRIVATE KEY'' header and an ''END PRIVATE KEY'' footer is not valid \
base64-encoded data: {0}
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_PEM_PK_NOT_PK=ERROR: Unable to read a \
PEM-encoded private key from file ''{0}'' because the data read between the \
''BEGIN PRIVATE KEY'' header and ''END PRIVATE KEY'' footer could not be \
parsed as a valid PKCS #8 private key: {1}
ERR_MANAGE_CERTS_READ_PK_FROM_FILE_READ_ERROR=ERROR: An error occurred while \
trying to read a private key from file ''{0}'': {1}
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_EMPTY_FILE=ERROR: Unable to read a \
certificate signing request from file ''{0}'' because the file is empty or \
does not contain a request.
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_DER_NOT_VALID_ASN1=ERROR: Unable to read \
an ASN.1 DER element from certificate signing request file ''{0}'': {1}
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_DER_NOT_VALID_CSR=ERROR: Unable to \
decode a DER element read from certificate signing request file ''{0}'' as a \
PKCS #10 certificate signing request: {1}
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_MULTIPLE_CSRS=ERROR: Unable to read a \
certificate signing request from file ''{0}'' because that file contains \
multiple requests. The certificate signing request file is only allowed to \
have a single request.
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_MULTIPLE_BEGIN=ERROR: Unable to read a \
PEM-encoded certificate signing request from file ''{0}'' because the file \
contains multiple begin headers. A certificate signing request file may \
only contain a single request.
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_END_WITHOUT_BEGIN=ERROR: Unable to read \
a PEM-encoded certificate signing request from file ''{0}'' because the \
file contains an end footer without a corresponding begin header.
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_DATA_WITHOUT_BEGIN=ERROR: Unable to read \
a PEM-encoded certificate signing request from file ''{0}'' because the \
file contains a non-empty, non-comment line that does not appear between a \
begin header and an end footer.
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_EOF_WITHOUT_END=ERROR: Unable to read a \
PEM-encoded certificate signing request from file ''{0}'' because the end \
of the file was reached before finding an end footer to mark the end of the \
request.
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_PEM_CSR_NOT_BASE64=ERROR: Unable to read \
a PEM-encoded certificate signing request from file ''{0}'' because the \
data read between a begin header and an end footer is not valid \
base64-encoded data: {0}
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_PEM_CSR_NOT_CSR=ERROR: Unable to read a \
PEM-encoded certificate signing request from file ''{0}'' because the data \
read between the begin header and end footer could not be parsed as a valid \
PKCS #10 certificate signing request: {1}
ERR_MANAGE_CERTS_READ_CSR_FROM_FILE_READ_ERROR=ERROR: An error occurred \
while trying to read a certificate signing request from file ''{0}'': {1}
INFO_MANAGE_CERTS_FORMAT_DATE_AND_TIME_IN_FUTURE={0} at {1} ({2} from now)
INFO_MANAGE_CERTS_FORMAT_DATE_AND_TIME_IN_PAST={0} at {1} ({2} ago)
ERR_MANAGE_CERTS_GET_CHAIN_ERROR=ERROR: An error occurred while trying to \
retrieve the certificate chain for alias ''{0}'': {1}
ERR_MANAGE_CERTS_GET_ISSUER_ERROR=ERROR: An error occurred while trying to \
retrieve the issuer certificate with subject ''{0}'': {1}
ERR_MANAGE_CERTS_PKCS11_WRITE_ERROR=ERROR: Unable to write to the PKCS #11 \
key store: {0}
ERR_MANAGE_CERTS_WRITE_KS_ERROR_COPYING_EXISTING_KS=ERROR: Unable to write a \
backup copy of existing key store ''{0}'' to file ''{1}'': {2}
ERR_MANAGE_CERTS_WRITE_KS_ERROR_WRITING_NEW_KS=ERROR: Unable to write \
key store file ''{0}'': {1}
ERR_MANAGE_CERTS_WRITE_KS_ERROR_OVERWRITING_KS=ERROR: Unable to write \
updates to key store file ''{0}'': {1}. A backup copy of the previous \
version of the key store is available as ''{2}''.
ERR_MANAGE_CERTS_WRITE_KS_ERROR_DELETING_KS_BACKUP=ERROR: Unable to \
delete the temporary backup ''{0}'' of key store ''{1}'': {2}
INFO_MANAGE_CERTS_EXAMPLE_LIST_1=List verbose information about each of the \
certificates in key store file ''{0}''. Also, display a command that can be \
used to obtain a similar result with the Java keytool utility.
INFO_MANAGE_CERTS_EXAMPLE_EXPORT_CERT_1=Exports a PEM-formatted \
representation of the certificate contained in the ''server-cert'' alias in \
the ''{0}'' key store and writes it to the ''{1}'' output file. Also, \
display a command that can be used to obtain a similar result with the Java \
keytool utility.
INFO_MANAGE_CERTS_EXAMPLE_EXPORT_KEY_1=Exports a PEM-formatted representation \
of the private key contained in the ''server-cert'' alias in the ''{0}'' \
key store and writes it to the ''{1}'' output file.
INFO_MANAGE_CERTS_EXAMPLE_IMPORT_1=Imports a certificate chain read from file \
''{0}'' and the corresponding private key read from file ''{1}'' into the \
''server-cert'' alias in the ''{2}'' key store. If the key store does not \
already exist, then it will be created using the JKS key store format.
INFO_MANAGE_CERTS_EXAMPLE_DELETE_1=Deletes the certificate stored in the \
''server-cert'' alias in the ''{0}'' key store.
INFO_MANAGE_CERTS_EXAMPLE_GEN_CERT_1=Generates a self-signed certificate with \
alias ''ca-cert'' in the ''{0}'' key store. If the key store does not \
already exist, then it will be created using the standard PKCS #12 format. \
The certificate will have a subject DN of ''CN=Example Authority,O=Example \
Corporation,C=US'', a 4096-bit RSA key, and a signature generated using the \
SHA256withRSA algorithm. The certificate will be valid for 7300 days \
starting at midnight local time on January 1, 2017. It will include a \
basic constraints extension that indicates the certificate can act as a \
certification authority, and a key usage extension that indicates that the \
key can be used for signing certificates and CRLs. Also, display a command \
that can be used to obtain a similar result with the Java keytool utility.
INFO_MANAGE_CERTS_EXAMPLE_GEN_CSR_1=Generates a certificate signing request \
for a new certificate with subject ''CN=ldap.example.com,O=Example \
Corporation,C=US'' that will be stored in the ''server-cert'' alias in the \
''{0}'' key store. A new 256-bit elliptic curve key pair will be created, \
the request will be signed with the SHA256withECDSA signature algorithm, \
and the request will include a subject alternative name extension with \
alternate DNS names of ''ldap1.example.com'' and ''ldap2.example.com'', and \
an extended key usage extension to indicate that the certificate should be \
usable for either TLS server authentication or TLS client authentication. \
The certificate signing request will be written in PEM format to output \
file ''{1}''.
INFO_MANAGE_CERTS_EXAMPLE_GEN_CSR_2=Generates a certificate signing request \
intended to renew the existing certificate stored in alias ''server-cert'' \
in the ''{0}'' key store. The request will use the same subject DN and set \
of extensions as the certificate currently stored in that alias, and it \
will be written to standard output in PEM format.
INFO_MANAGE_CERTS_EXAMPLE_SIGN_CERT_1=Uses the ''ca-cert'' certificate in \
key store ''{0}'' to sign the certificate signing request (CSR) contained \
in file ''{1}'' and writes the signed certificate to PEM-formatted output \
file ''{2}''. The signed certificate will use the subject DN and set of \
extensions included in the request, and the resulting certificate will be \
valid for 730 days, starting immediately. Also, display a command that can \
be used to obtain a similar result with the Java keytool utility.
INFO_MANAGE_CERTS_EXAMPLE_CHANGE_ALIAS_1=Updates the ''{0}'' key store to \
change the alias of the ''server-cert'' certificate to be \
''server-certificate''. Also, display a command that can be used to obtain \
a similar result with the Java keytool utility.
INFO_MANAGE_CERTS_EXAMPLE_TRUST_SERVER_1=Connects to the ldap.example.com \
server on port 636 to retrieve the certificate chain that the server \
presents during TLS negotiation. That certificate chain will be added to \
the ''{0}'' key store with a base alias of ''ldap.example.com:636'' after \
interactively confirming that the certificate chain should be trusted.
INFO_MANAGE_CERTS_EXAMPLE_CHECK_USABILITY_1=Examines the ''server-cert'' \
certificate in the ''{0}'' key store to determine whether that certificate \
is suitable for use as a TLS server certificate.
INFO_MANAGE_CERTS_EXAMPLE_DISPLAY_CERT_1=Displays verbose information about \
all of the certificates contained in file ''{0}'', along with a command \
that can be used to obtain a similar result with the Java keytool utility.
INFO_MANAGE_CERTS_EXAMPLE_DISPLAY_CSR_1=Displays information about the \
certificate signing request contained in file ''{0}'', along with a command \
that can be used to obtain a similar result with the Java keytool utility.
INFO_MANAGE_CERTS_EXAMPLE_HELP_SUBCOMMANDS_1=Displays a list of the \
subcommands available for use with this tool.
INFO_MANAGE_CERTS_CERT_COLLECTOR_CONNECTING=Connecting to {0} ...
INFO_MANAGE_CERTS_CERT_COLLECTOR_CONNECTED=Connected successfully.
ERR_MANAGE_CERTS_CERT_COLLECTOR_CONNECT_FAILED=ERROR: Unable to establish a \
connection to {0}.
INFO_MANAGE_CERTS_CERT_COLLECTOR_SENDING_START_TLS=Sending an LDAP StartTLS \
extended request to the server ...
INFO_MANAGE_CERTS_CERT_COLLECTOR_START_TLS_SUCCESSFUL=The server accepted the \
StartTLS request.
ERR_MANAGE_CERTS_CERT_COLLECTOR_START_TLS_FAILED=ERROR: The server rejected \
the StartTLS request.
INFO_MANAGE_CERTS_CERT_COLLECTOR_BEGINNING_TLS_NEGOTIATION=Beginning TLS \
negotiation on the connection ...
ERR_MANAGE_CERTS_CERT_COLLECTOR_ERROR_STARTING_TLS_NEGOTIATION=An error \
occurred while trying to start TLS negotiation.
ERR_MANAGE_CERTS_CERT_COLLECTOR_NO_CERT_CHAIN_RECEIVED=ERROR: Did not \
receive the certificate chain from {0} after waiting for up to 60 seconds.
INFO_MANAGE_CERTS_CERT_COLLECTOR_NEGOTIATED_TLS_PROTOCOL=Negotiated TLS \
protocol: {0}
INFO_MANAGE_CERTS_CERT_COLLECTOR_NEGOTIATED_TLS_SUITE=Negotiated TLS \
cipher suite: {0}
INFO_MANAGE_CERTS_CERT_COLLECTOR_GOT_CERT_CHAIN=Successfully retrieved the \
server certificate chain.
INFO_MANAGE_CERTS_CERT_COLLECTOR_CONNECTION_DONE=This connection was only \
established for the purpose of obtaining the server''s certificate chain. \
That certificate chain has been acquired, so this connection is no longer \
needed and TLS negotiation can be aborted.
ERR_MANAGE_CERTS_CERT_COLLECTOR_ERROR_PARSING_CERT_CHAIN=ERROR: Unable to \
parse the certificate chain received from the server {0} as a set of \
X.509 certificates.
ERR_X509_PEM_READER_EOF_WITHOUT_END=Unable to read a PEM-encoded X.509 \
certificate because the end of the data was encountered without finding \
an expected ''{0}'' footer that corresponds to the ''{1}'' header.
ERR_X509_PEM_READER_REPEATED_BEGIN=Unable to read a PEM-encoded X.509 \
certificate because an unexpected ''{0}'' header was found after having \
already begun the process of decoding a certificate.
ERR_X509_PEM_READER_END_WITHOUT_BEGIN=Unable to read a PEM-encoded X.509 \
certificate because an unexpected ''{0}'' footer was found without a \
preceding ''{1}'' header.
ERR_X509_PEM_READER_END_WITHOUT_DATA=Unable to read a PEM-encoded X.509 \
certificate because the ''{0}'' footer was encountered immediately after \
the ''{1}'' header and without reading any base64-encoded certificate data.
ERR_X509_PEM_READER_CANNOT_BASE64_DECODE=Unable to base64-decode the \
PEM-encoded certificate data.
ERR_X509_PEM_READER_DATA_WITHOUT_BEGIN=Unable to read a PEM-encoded X.509 \
certificate because unexpected data was found before encountering a \
''{0}'' header.
ERR_PKCS8_PEM_READER_EOF_WITHOUT_END=Unable to read a PEM-encoded PKCS #8 \
private key because the end of the data was encountered without finding \
an expected ''{0}'' footer that corresponds to the ''{1}'' header.
ERR_PKCS8_PEM_READER_REPEATED_BEGIN=Unable to read a PEM-encoded PKCS #8 \
private key because an unexpected ''{0}'' header was found after having \
already begun the process of decoding a private key.
ERR_PKCS8_PEM_READER_NO_PW_FOR_ENCRYPTED_KEY=Unable to read a PEM-encoded \
PKCS #8 private key because the private key is encrypted but no encryption \
password was provided.
ERR_PKCS8_PEM_READER_END_WITHOUT_BEGIN=Unable to read a PEM-encoded PKCS #8 \
private key because an unexpected ''{0}'' footer was found without a \
preceding ''{1}'' header.
ERR_PKCS8_PEM_READER_END_WITHOUT_DATA=Unable to read a PEM-encoded PKCS #8 \
private key because the ''{0}'' footer was encountered immediately after \
the ''{1}'' header and without reading any base64-encoded private key data.
ERR_PKCS8_PEM_READER_CANNOT_BASE64_DECODE=Unable to base64-decode the \
PEM-encoded private key data.
ERR_PKCS8_PEM_READER_DATA_WITHOUT_BEGIN=Unable to read a PEM-encoded PKCS #8 \
private key because unexpected data was found before encountering a \
''{0}'' header.
INFO_PKCS5_ALG_ID_DESC_PBES2=The PBES2 encryption scheme
INFO_PKCS5_ALG_ID_DESC_PBKDF2=The PBKDF2 key derivation function
INFO_PKCS5_ALG_ID_DESC_HMAC_SHA_1=The HMAC-SHA-1 pseudorandom function
INFO_PKCS5_ALG_ID_DESC_HMAC_SHA_224=The HMAC-SHA-224 pseudorandom function
INFO_PKCS5_ALG_ID_DESC_HMAC_SHA_256=The HMAC-SHA-256 pseudorandom function
INFO_PKCS5_ALG_ID_DESC_HMAC_SHA_384=The HMAC-SHA-384 pseudorandom function
INFO_PKCS5_ALG_ID_DESC_HMAC_SHA_512=The HMAC-SHA-512 pseudorandom function
INFO_PKCS5_ALG_ID_DESC_DES_EDE_CBC_PAD=The DESede/CBC/PKCS5Padding cipher \
transformation
INFO_PKCS5_ALG_ID_DESC_AES_128_CBC_PAD=The 128-bit AES/CBC/PKCS5Padding \
cipher transformation
INFO_PKCS5_ALG_ID_DESC_AES_192_CBC_PAD=The 192-bit AES/CBC/PKCS5Padding \
cipher transformation
INFO_PKCS5_ALG_ID_DESC_AES_256_CBC_PAD=The 256-bit AES/CBC/PKCS5Padding \
cipher transformation
ERR_PKCS8_ENC_HANDLER_CANNOT_PARSE_AS_ENC_KEY_SEQUENCE=Unable to decode an \
encrypted PKCS #8 private key because the encrypted key bytes cannot be \
parsed as a valid DER sequence.
ERR_PKCS8_ENC_HANDLER_SEQUENCE_UNEXPECTED_ENC_KEY_ELEMENT_COUNT=Unable to \
decode an encrypted PKCS #8 private key because the encrypted key sequence \
did not contain the expected 2 elements (intended to represent the \
encryption scheme algorithm identifier and the encrypted key data). The \
number of elements in the sequence was {0,number,0}.
ERR_PKCS8_ENC_HANDLER_KEY_SCHEME_ELEMENT_NOT_SEQUENCE=Unable to decode an \
encrypted PKCS #8 private key because the first element of the encrypted \
key sequence could not be parsed as a sequence (intended to hold the \
encryption scheme algorithm identifier).
ERR_PKCS8_ENC_HANDLER_SEQUENCE_UNEXPECTED_KEY_SCHEME_ELEMENT_COUNT=Unable to \
decode an encrypted PKCS #8 private key because the encryption scheme \
sequence did not contain the expected 2 elements (intended to represent \
the encryption scheme OID and parameters). The number of elements in the \
sequence was {0,number,0}.
ERR_PKCS8_ENC_HANDLER_CANNOT_PARSE_KEY_SCHEME_OID=Unable to decode an \
encrypted PKCS #8 private key because the first element of the encryption \
scheme sequence could not be parsed as an OID intended to identify the \
encryption scheme algorithm.
ERR_PKCS8_ENC_HANDLER_ENC_SCHEME_NOT_PBES2=Unable to decode an encrypted \
PKCS #8 private key because it used an unsupported encryption scheme \
algorithm with OID ''{0}''. Only the PBES2 encryption scheme is supported.
ERR_PKCS8_ENC_HANDLER_PBES2_PARAMS_NOT_SEQUENCE=Unable to decode an encrypted \
PKCS #8 private key because the PBES2 algorithm parameters could not be \
parsed as a sequence (intended to hold the algorithm identifiers for the \
key derivation function and encryption algorithm).
ERR_PKCS8_ENC_HANDLER_PBES2_UNEXPECTED_PARAMS_SEQUENCE_ELEMENT_COUNT=Unable \
to decode an encrypted PKCS #8 private key because the PBES2 algorithm \
parameters sequence did not contain the expected 2 elements (intended to \
represent the algorithm identifiers for the key derivation function and \
encryption algorithm). The number of elements in the sequence was \
{0,number,0}.
ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_KDF=Unable to decode an encrypted PKCS #8 \
private key because the PBES2 algorithm parameters sequence indicated that \
it uses an unsupported key derivation function with OID ''{0}''. Only the \
PKBDF2 key derivation function is supported.
ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_PBKDF2_PRF=Unable to decode an encrypted \
PKCS #8 private key because the PBKDF2 key derivation function uses an \
unsupported pseudorandom function with oid ''{0}''.
ERR_PKCS8_ENC_HANDLER_CANNOT_DECODE_KDF_SETTINGS=Unable to decode an \
encrypted PKCS #8 private key because an unexpected error occurred while \
attempting to decode the key derivation function settings: {0}
ERR_PKCS8_ENC_HANDLER_UNSUPPORTED_CIPHER=Unable to decode an encrypted PKCS \
#8 private key because the PBES2 algorithm parameters sequence indicated \
that it uses an unsupported cipher transformation with OID ''{0}''.
ERR_PKCS8_ENC_HANDLER_CANNOT_DECODE_CIPHER_SETTINGS=Unable to decode an \
encrypted PKCS #8 private key because an unexpected error occurred while \
attempting to decode the encryption cipher settings: {0}
ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_DEC_SECRET_KEY=Unable to decode an \
encrypted PKCS #8 private key because an error occurred while attempting to \
create the secret key using the ''{0}'' algorithm with the provided \
password: {1}
ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_DEC_CIPHER=Unable to decode an encrypted \
PKCS #8 private key because an error occurred while attempting to create a \
cipher using the ''{0}'' cipher transformation: {1}
ERR_PKCS8_ENC_HANDLER_CANNOT_DECRYPT_KEY=Unable to decode an encrypted \
PKCS #8 private key because an error occurred while attempting to decrypt \
the encrypted key data using the ''{0}'' cipher transformation: {1}
ERR_PKCS8_ENC_HANDLER_CANNOT_PARSE_DECRYPTED_KEY=Unable to decode an \
encrypted PKCS #8 private key because although the encrypted key data was \
successfully decrypted using the ''{0}'' cipher transformation, the \
decrypted key could not be parsed as a valid PKCS #8 secret key: {1}
ERR_PKCS8_ENC_PROPS_INVALID_KEY_FACTORY_PRF_ALG=Unable to use {0} ({1}) as a \
key factory pseudorandom function because that identifier does not \
represent a supported pseudorandom function.
ERR_PKCS8_ENC_PROPS_INVALID_CIPHER_TRANSFORMATION_ALG=Unable to use {0} ({1}) \
as a cipher transformation because that identifier does not represent a \
supported cipher transformation.
ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_ENC_SECRET_KEY=Unable to encrypt the \
provided PKCS #8 private key because an error occurred while attempting to \
create the secret key using the ''{0}'' algorithm with the provided \
password: {1}
ERR_PKCS8_ENC_HANDLER_CANNOT_CREATE_ENC_CIPHER=Unable to encrypt the provided \
PKCS #8 private key because an error occurred while attempting to create a \
cipher using the ''{0}'' cipher transformation: {1}
ERR_PKCS8_ENC_HANDLER_CANNOT_ENCRYPT_PRIVATE_KEY=Unable to encrypt the \
provided PKCS #8 private key using the ''{0}'' cipher transformation: {1}
ERR_PKCS8_ENC_HANDLER_CANNOT_ENCODE_ENC_PRIVATE_KEY=Unable to encode the \
encrypted PKCS #8 private key: {0}
