The certapp tool is a PC command-line utility that converts certificate store files between text and binary formats.
certapp general_options input_files --out output_files
You must specify at least one input file name and an output file name with certapp. If you specify input files but no output file, the tool only reads the input file data and displays it; no output file is created to hold the displayed data.
The following sub-sections provide information on specifying general options, and specifying input or output file arguments as command-line arguments with certapp.
General options
The following table summarises the general options that can be specified as command-line arguments:
| Name | Description |
| --- | --- |
| -h | Displays the usage message. |
| --progress=filename | Saves progress output to a specified file. |
| --errors=filename | Saves error output to a specified file. |
| --verbose | Includes additional debug comments in output files. |
| --license | Displays license information. |
| --pemout | Displays certificates in PEM format. (The format is auto-detected when reading.) |

Note: If you do not specify any file name with --progress or --errors options, the respective outputs are written to default progress or error text files. If the file names specified with the errors and progress options are identical, their outputs are merged.
Input and output file arguments
In the certapp syntax, the files specified before the --out argument are input files, and those after it are output files. You can use the --in option to specify additional input files at the end of the command line.
The following table summarises the input and output file arguments that can be specified at the command line:
| Name | Description |
| --- | --- |
| --bswicertstore=filename | Specifies a binary SWI certificate store file. |
| --hswicertstore=filename | Specifies a human-readable SWI certificate store file. |
| --bfilecertstore=filename | Specifies a binary file of the file certificate store. |
| --hfilecertstore=filename | Specifies a human-readable file of the file certificate store. |
| --bcertclients=filename | Specifies a binary certificate clients file. |
| --hcertclients=filename | Specifies a human-readable certificate clients file. |
| --out | Files listed after --out are output files. |
| --in | Specifies input files listed in the command line. Files listed after --in are input files. Note: --in is not required when input files are specified before output files. It may be used to specify additional input files after output files. |
| --chdir=dirname | Changes directory for the specified input or output files. |
Consider the following when specifying input and output file command-line arguments:
Information in file certificate store and SWI certificate store files can depend on information contained in the certificate client files. Therefore, all the certificate client files are read before the other certificate store files.
You can use the --chdir option to change the current directory used for reading or writing files. You can also use this option to read input files from one directory and write all output files to a different directory or to multiple directories.
Important: Duplicate entries should not be included in certificate store files. If duplicate entries are detected in a certificate store file, then this is reported as a fatal error.
For file certificate store or SWI certificate store files, duplicates are determined by labels. For certificate client files, duplicates are determined by the client application name (that is, multiple client application names can map to a single UID, but not vice versa).
The following example dumps a SWI certificate store (swicertstore.dat) into human-readable form (swicertstore.txt). The input files are swicertstore.dat and certclients.dat, which maps the application UIDs in the certificates to application description strings. The certclients.dat file is provided as input so that the tool can dump the certificate application-related metadata as text and not as a series of UIDs.
certapp --bcertclients=certclients.dat --bswicertstore=swicertstore.dat --out --hcertclients=certclients.txt --hswicertstore=swicertstore.txt
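The following wrapper is an added example, not part of the original certapp documentation. It runs the conversion in either direction (binary to text for review, or text back to binary) with the certificate clients file always supplied alongside the store, and merges progress and error output into one log by giving both options the same file name. It assumes a POSIX shell, certapp on the PATH, and base names whose .dat and .txt forms sit in the current directory; the CERTAPP variable and the certapp.log name are hypothetical.

```shell
# Added example (not from the certapp documentation).
#   convert_store dump  STORE CLIENTS   binary (.dat) -> human-readable (.txt)
#   convert_store build STORE CLIENTS   human-readable (.txt) -> binary (.dat)
# STORE and CLIENTS are base names without extension (naming assumption).
# CERTAPP is a hypothetical override for the certapp executable.
convert_store() {
    direction=$1 store=$2 clients=$3
    case $direction in
        dump)  src=b dst=h src_ext=dat dst_ext=txt ;;
        build) src=h dst=b src_ext=txt dst_ext=dat ;;
        *) echo "usage: convert_store dump|build STORE CLIENTS" >&2; return 2 ;;
    esac

    # Stop early if an input is missing. The clients file is required here so
    # that application metadata is handled as text, not as bare UIDs.
    for f in "$clients.$src_ext" "$store.$src_ext"; do
        [ -r "$f" ] || { echo "missing input file: $f" >&2; return 1; }
    done

    # Order follows the documented syntax: general options, input files,
    # --out, output files. Identical --progress and --errors file names
    # merge both outputs into a single log.
    "${CERTAPP:-certapp}" \
        --progress=certapp.log --errors=certapp.log \
        "--${src}certclients=$clients.$src_ext" \
        "--${src}swicertstore=$store.$src_ext" \
        --out \
        "--${dst}certclients=$clients.$dst_ext" \
        "--${dst}swicertstore=$store.$dst_ext"
}
```

Calling `convert_store dump swicertstore certclients` produces the same input and output arguments as the command above, with the two logging options added.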