certapp Reference

The certapp tool is a PC command line utility that converts certificate store files between text and binary formats, in either direction.

Syntax

certapp general_options input_files --out output_files

You must specify at least one input file name and an output file name with certapp. If you specify input files but no output file, the tool only reads the input file data and displays it; no output file is created to hold the displayed data.

The following sub-sections provide information on specifying general options, and specifying input or output file arguments as command-line arguments with certapp.

General options

The following table summarises the general options that can be specified as command-line arguments:

Name                   Description
-h                     Displays the usage message.
--progress=filename    Saves progress output to a specified file.
--errors=filename      Saves error output to a specified file.
--verbose              Includes additional debug comments in output files.
--license              Displays license information.
--pemout               Displays certificates in PEM format. (The format is auto-detected when reading.)

Note: If you do not specify any file name with --progress or --errors options, the respective outputs are written to default progress or error text files. If the file names specified with the errors and progress options are identical, their outputs are merged.

Input and output file arguments

In the certapp syntax, the files specified before the --out argument are input files, while those after it are output files. You can use the --in option to specify additional input files at the end of the command line.

The following table summarises the input and output file arguments that can be specified at the command line:

Name                         Description
--bswicertstore=filename     Specifies a binary SWI certificate store file.
--hswicertstore=filename     Specifies a human-readable SWI certificate store file.
--bfilecertstore=filename    Specifies a binary file of the file certificate store.
--hfilecertstore=filename    Specifies a human-readable file of the file certificate store.
--bcertclients=filename      Specifies a binary certificate clients file.
--hcertclients=filename      Specifies a human-readable certificate clients file.
--out                        Files listed after --out are output files.
--in                         Specifies input files listed in the command line. Files listed after --in are input files.
                             Note: --in is not required when input files are specified before output files.
                             It may be used to specify additional input files after output files.
--chdir=dirname              Changes directory for the specified input or output files.

Consider the following while specifying input and output file command-line arguments:

  • Information in file certificate store and SWI certificate store files can depend on information contained in the certificate client files. Therefore, all the certificate client files are read before the other certificate store files.

  • You can use the --chdir option to change the current directory for reading or writing files. You can also use this option to read input files from one directory and write all output files to a different directory or to multiple directories.

Important: Duplicate entries should not be included in certificate store files. If duplicate entries are detected in a certificate store file, then this is reported as a fatal error.

For file certificate store or SWI certificate store files, duplicates are determined by labels. For certificate client files, duplicates are determined by the client application name (that is, multiple client application names can map to a single UID, but not vice versa).
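
The argument rules above can be checked before a command is run. The following Python sketch is an added example, not part of certapp or its documentation: it classifies the store files on a command line into inputs (in read order) and outputs. The function name plan_certapp is hypothetical, and the sketch assumes that each --chdir applies to the file arguments that follow it until the next --chdir.

```python
import ntpath  # certapp is a PC tool, so join paths Windows-style on any host

STORE_OPTIONS = {
    "--bswicertstore", "--hswicertstore",
    "--bfilecertstore", "--hfilecertstore",
    "--bcertclients", "--hcertclients",
}
CLIENT_OPTIONS = {"--bcertclients", "--hcertclients"}


def plan_certapp(args):
    """Return (inputs_in_read_order, outputs) for a certapp argument list.

    Each entry is an (option, path) tuple. Assumption: --chdir applies to
    the file arguments that follow it, until the next --chdir replaces it.
    """
    mode, cwd = "in", ""
    inputs, outputs = [], []
    for arg in args:
        name, _, value = arg.partition("=")
        if name == "--out":
            mode = "out"
        elif name == "--in":
            mode = "in"
        elif name == "--chdir":
            cwd = value
        elif name in STORE_OPTIONS:
            if not value:
                raise ValueError(f"{name} needs a file name")
            target = inputs if mode == "in" else outputs
            target.append((name, ntpath.join(cwd, value)))
        # General options (-h, --progress=..., --errors=...) name no store files.
    if not inputs:
        raise ValueError("no input file specified")
    # Certificate client files are read before the other store files.
    inputs.sort(key=lambda item: item[0] not in CLIENT_OPTIONS)
    return inputs, outputs


# Constructed command line: the files of the page's example, plus --chdir
# and a trailing --in (directory names "in" and "out" are made up).
SAMPLE = [
    "--chdir=in", "--bswicertstore=swicertstore.dat",
    "--out", "--chdir=out", "--hswicertstore=swicertstore.txt",
    "--hcertclients=certclients.txt",
    "--in", "--chdir=in", "--bcertclients=certclients.dat",
]
```

Calling plan_certapp(SAMPLE) lists certclients.dat first among the inputs even though it appears last on the command line, and shows which files under the out directory would be written.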

Example

The following example dumps a SWI certificate store (swicertstore.dat) into human-readable form (swicertstore.txt). The input files are swicertstore.dat and certclients.dat, which maps the application UIDs in the certificates to application description strings. The certclients.dat file is provided as input so that the tool can dump the certificate application-related metadata as text rather than as a series of UIDs.

    certapp --bcertclients=certclients.dat --bswicertstore=swicertstore.dat --out --hcertclients=certclients.txt --hswicertstore=swicertstore.txt

Related concepts
Security Tools Overview