The smkeytool command-line utility allows you to populate and manage the key database. This tool is installed with the Policy Server.
Use smkeytool to:
You can only have one key database per Policy Server. After the database is created, you can add keys and certificates.
Note: smkeytool relies on values in the smkeydatabase.properties file. Be sure that this file is properly configured before running smkeytool.
smkeytool is located in the following directory:
Run the smkeytool utility from a command line, using the following syntax:
UNIX:
smkeytool.sh option [argument(s)]
Windows:
smkeytool.bat option [argument(s)]
Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.
The options and arguments are described in the following table.
Option | Arguments | Function |
---|---|---|
-createDB or -cdb | <password> | Creates an empty key database to store keys and certificates. The specified password is encrypted using the policy store key and added to the smkeydatabase.properties file. |
-deleteDB or -ddb | None | Deletes the key database specified in the smkeydatabase.properties file. |
-addPrivKey or -apk | <private_key_filepath> <x.509_certificate_filepath> <password> | Adds the specified private key and corresponding certificate file to the key database. Note that <password> is the password used to encrypt the private key file being loaded, not the one associated with the key database. |
-deletePrivKey or -dpk | <x.509_certificate_filepath> | Deletes the private key entry from the key database based on the specified certificate. |
-addCert or -ac | <x.509_certificate_filepath> | Adds a certificate to the key database. |
-deleteCert or -dc | <x.509_certificate_filepath> | Deletes a certificate from the key database based on the specified certificate. |
-listCerts or -lc | None | Lists the issuer/subject name (DN) and serial number of all the certificates stored in key database. |
-help or -h | None | Lists smkeytool usage information. |
Note: smkeytool has several command options to manage certificate revocation information. These options are only for SiteMinder Federation Security Services signing and encryption features.
Smkeytool Examples
UNIX:
smkeytool.sh -cdb password
Windows:
smkeytool.bat -cdb password
UNIX:
smkeytool.sh -apk /opt/netegrity/webagent/certs/samplePrivKey.pkcs8 /opt/netegrity/webagent/certs/sampleRobm.cer passphrase
Windows:
smkeytool.bat -apk "c:\program files\netegrity\webagent\certs\samplePrivKey.pkcs8" "C:\program files\netegrity\webagent\certs\sampleRobm.cer" passphrase
UNIX:
smkeytool.sh -ac /opt/netegrity/webagent/certs/sampleCARoot.cer
Windows:
smkeytool.bat -ac "c:\program files\netegrity\webagent\certs\sampleCARoot.cer"
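The -addPrivKey option expects a private key and its corresponding certificate. The following pre-flight check is an added example, not part of the original documentation or of SiteMinder: it confirms that the pair matches and that the passphrase decrypts the key before the pair is loaded. It assumes openssl is installed, both files are PEM encoded, the passphrase is kept in a file readable only by the operator, and smkeytool.sh is reachable through the hypothetical SMKEYTOOL variable.

```shell
#!/bin/sh
# Added example: pre-flight check for `smkeytool -addPrivKey`.
# Assumptions (not from the page): openssl is installed, both files are PEM,
# and the key passphrase is stored in a file readable only by the operator.

SMKEYTOOL="${SMKEYTOOL:-smkeytool.sh}"   # assumed to be on PATH or set by caller

# Print the public key (PEM) derived from an encrypted PKCS#8 private key.
pubkey_from_key() {   # $1 = key file, $2 = passphrase file
    openssl pkey -in "$1" -passin "file:$2" -pubout 2>/dev/null
}

# Print the public key (PEM) embedded in an X.509 certificate.
pubkey_from_cert() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Return 0 only if the key decrypts and its public half equals the cert's.
key_matches_cert() {  # $1 = key, $2 = cert, $3 = passphrase file
    k=$(pubkey_from_key "$1" "$3") || return 2
    c=$(pubkey_from_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Load the pair into the key database only after the check passes.
add_priv_key_checked() {  # $1 = key, $2 = cert, $3 = passphrase file
    if ! key_matches_cert "$1" "$2" "$3"; then
        echo "refusing to load: key and certificate do not match" >&2
        return 1
    fi
    "$SMKEYTOOL" -addPrivKey "$1" "$2" "$(cat "$3")"
}
```

Because smkeytool takes the passphrase as a command-line argument, it is visible in the process list while the command runs; perform the load from a restricted administrative session.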
Copyright © 2012 CA.
All rights reserved.