Use the cascertreg command-line utility to list, delete, or add certificate registrations required for CICS Web Interface servers, deployment listeners, etc....


cascertreg [common-options] command [command-options] [parameters] 

Common options:

-directory path Specifies the certificate registration directory. You can also specify this by setting the ES_CERT_REG environment variable.
-nobanner Specifies not to display the banner (program name and copyright message).
-quiet Provide minimal output - do not ask for confirmation when deleting registrations.
-verbose Provide more output.
-algorithm Specifies the algorithm to use for generating fingerprints. Default is SHA1, values can be SHA224, SHA256, SHA384, and SHA512.

Commands, Command Options and Parameters:

Command Options Parameters Explanation
list partial fingerprint (optional) List certificate registrations. If a partial fingerprint is supplied, only list certificates that match.
delete partial fingerprint (optional) Delete certificate registrations (matching the partial fingerprint if supplied). List matches registrations and prompts for confirmation unless -quiet is specified.
add -file certificate-file


-fingerprint fingerprint

User ID Add a registration for the specified certificate (supplied as either the certificate file or its fingerprint), associating it with the specified user.

Fails if a registration for the certificate already exists. With the -file option, the certificate must be in PEM or DER format.


List all the certificate registrations in the specified directory. The list shows fingerprints and user IDs:
cascertreg -directory c:\cwi-certs list
List all certificate registrations in the directory specified by the ES_CERT_REG environment variable that include the string 01ab in their fingerprints. The list is in verbose form, showing any additional information recorded in the registration, such as subject and issuer Distinguished Names:
cascertreg list -verbose 01ab
Delete any registrations in the specified directory that include the string 01ab in their fingerprints, without prompting for information:
cascertreg -quiet delete 01ab -directory c:\cwi-certs
Add a registration (to the directory specified by the ES_CERT_REG environment variable) for the certificate in client.pem, associating it with the SYSAD and user ID:
cascertreg add -file client.pem SYSAD
As above, but this time using the SHA512 algorithm for the certificate fingerprint:
cascertreg add -file client.pem SYSAD –algorithm SHA512