|
|
|
Adds a private key and certificate pair to the key database. You can have multiple private keys and certificates in the database, but only RSA keys are supported.
Note: Only private keys are stored in the smkeydatabase in encrypted form.
The Policy Server at the producing authority uses a single enterprise private key to sign SAML messages and to decrypt encrypted SAML messages received from the consuming authority. Typically, the enterprise key is the first private key found in the smkeydatabase.
When you use the -addPrivKey command, you can specify the key data by combining the -keyfile and -certfile options or by using the -keycertfile option alone.
Arguments for -addPrivKey are as follows:
Required. Assigns an alias to a single certificate or certificate/private key pair in the database. The alias must be a unique string and should contain only alphanumeric characters.
Specifies the full path to the location of the certificate associated with this private key. Required for keys in PKCS1, PKCS5, and PKCS8 format.
Specifies the full path to the location of the private key file. Required for keys in PKCS1, PKCS5, and PKCS8 format.
Specifies the full path to the location of the PKCS12 file that contains the private key and public certificate data. Required for keys in PKCS12 format.
Optional. Specifies the password that was used to encrypt the private key when the key/certificate pair was originally created. When a private key is added to the smkeydatabase, this password must be supplied to decrypt the private key before it gets written to the smkeydatabase.
Note: This password is not stored in the smkeydatabase.
After the key is decrypted and placed in the smkeydatabase, smkeydatabase encrypts the private key again using its own password, which is the password specified when the smkeydatabase was created.
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |