KMF manages the keystores for three public key technologies, PKCS #11 tokens, NSS, and OpenSSL. For all of these technologies, the pktool command enables you to do the following:
Generate a self-signed certificate
Generate a certificate request
Generate a symmetric key
Generate a public/private key pair
Generate a PKCS #10 certificate signing request (CSR) to be sent to an external certificate authority (CA) to be signed
Sign a PKCS #10 CSR
Import objects into the keystore
List the objects in the keystore
Delete objects from the keystore
Download a CRL
For the PKCS #11 and NSS technologies, the pktool command also enables you to set a PIN by generating a passphrase for the keystore or for an object in the keystore.
For examples of using the pktool utility, see the pktool (1) man page and Table 4–1.