

Create and Manage the Key Database Using Smkeytool

The smkeytool command-line utility allows you to populate and manage the key database. This tool is installed with the Policy Server.

Use smkeytool to:

Note: smkeytool relies on values in the smkeydatabase.properties file. Be sure that this file is properly configured before running smkeytool.

smkeytool is located in the following directory:

Run the smkeytool utility from a command line, using the following syntax:

UNIX:

smkeytool.sh option [argument(s)]

Windows:

smkeytool.bat option [argument(s)]

Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.

The options and arguments are described in the following table.

| Option | Arguments | Function |
|---|---|---|
| -createDB or -cdb | <password> | Creates an empty key database to store keys and certificates. The specified password is encrypted using the policy store key and added to the smkeydatabase.properties file. |
| -deleteDB or -ddb | None | Deletes the key database specified in the smkeydatabase.properties file. |
| -addPrivKey or -apk | <private_key_filepath> <x.509_certificate_filepath> <password> | Adds the specified private key and corresponding certificate file to the key database. Note that <password> is the password used to encrypt the private key file being loaded, not the one associated with the key database. |
| -deletePrivKey or -dpk | <x.509_certificate_filepath> | Deletes the private key entry from the key database based on the specified certificate. |
| -addCert or -ac | <x.509_certificate_filepath> | Adds a certificate to the key database. |
| -deleteCert or -dc | <x.509_certificate_filepath> | Deletes a certificate from the key database based on the specified certificate. |
| -listCerts or -lc | None | Lists the issuer/subject name (DN) and serial number of all the certificates stored in the key database. |
| -help or -h | None | Lists smkeytool usage information. |

Note: smkeytool has several command options to manage certificate revocation information. These options are only for SiteMinder Federation Security Services signing and encryption features.

Smkeytool Examples