

addPrivKey Option

Adds a private key/certificate pair to the key database. Use this command to import only a private key/certificate pair into the key database. You can have multiple private key/certificate pairs in the database, but SiteMinder supports only RSA keys in the database.

Note: Only private key/certificate pairs are stored in the smkeydatabase in encrypted form.

The Policy Server at the asserting party uses a single private key/certificate pair to sign SAML assertions and the certificate to decrypt encrypted SAML assertions received from the relying party. Typically, the key is the first private key/certificate pair found in the smkeydatabase.

With the -addPrivKey command, you can specify the key data by combining the -keyfile and -certfile options or by using the -keycertfile option alone.

Arguments for -addPrivKey are as follows:

-alias <alias>

Required. Assigns an alias to a private key/certificate pair in the database. The alias must be a unique string and can contain only alphanumeric characters.

-certfile <cert_file>

Specifies the full path to the location of the certificate associated with the private key/certificate pair. Required for keys in PKCS1, PKCS5, and PKCS8 format.

-keyfile <private_key_file>

Specifies the full path to the location of the private key file. Required for keys in PKCS1, PKCS5, and PKCS8 format.

-keycertfile <key_cert_file>

Specifies the full path to the location of the PKCS12 file that contains the private key/certificate pair data. Required for keys in PKCS12 format.

-password <password>

Optional. Specifies the password that was used to encrypt the private key/certificate pair when the pair was originally created. When you add a key/certificate pair to the smkeydatabase, supply this password so that the pair can be decrypted before it is written to the smkeydatabase.

Note: This password is not stored in the smkeydatabase.

After the key/certificate pair is decrypted and placed in the smkeydatabase, SiteMinder encrypts the pair again using its own password. The password SiteMinder uses is the one you specified when establishing the smkeydatabase.
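The following POSIX shell helpers are an added example, not part of the SiteMinder documentation or tooling. They encode the rules above before an import is attempted: the alias must be alphanumeric, -keyfile and -certfile go together (PKCS1/PKCS5/PKCS8) while -keycertfile stands alone (PKCS12), -password is optional, and, because only RSA keys are supported, the key is checked to be RSA and to match the certificate. The binary name "smkeytool" and the availability of openssl on PATH are assumptions.

```shell
#!/bin/sh
# Added example (not SiteMinder's code). Assumes the CLI is "smkeytool" and
# that openssl is installed for the key/certificate consistency check.

# The alias must be a non-empty string containing only alphanumeric characters.
validate_alias() {
    case "$1" in
        '' | *[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the -addPrivKey argument list, or fail with a reason on stderr.
# Usage: build_addprivkey_args ALIAS KEYFILE CERTFILE KEYCERTFILE [PASSWORD]
# Pass "" for the form not in use: KEYFILE+CERTFILE or KEYCERTFILE alone, never both.
build_addprivkey_args() {
    name="$1"; keyfile="$2"; certfile="$3"; keycertfile="$4"; password="$5"
    validate_alias "$name" || { echo "alias must be alphanumeric" >&2; return 1; }
    if [ -n "$keycertfile" ]; then
        [ -z "$keyfile$certfile" ] || { echo "-keycertfile cannot be combined with -keyfile/-certfile" >&2; return 1; }
        args="-addPrivKey -alias $name -keycertfile $keycertfile"
    else
        [ -n "$keyfile" ] && [ -n "$certfile" ] || { echo "-keyfile and -certfile are both required" >&2; return 1; }
        args="-addPrivKey -alias $name -keyfile $keyfile -certfile $certfile"
    fi
    [ -n "$password" ] && args="$args -password $password"
    printf '%s\n' "$args"
}

# Verify a PEM key/certificate pair before import: the key must be a valid RSA key
# (the only type SiteMinder stores) and its public key must match the certificate's.
# Usage: check_rsa_pair KEYFILE CERTFILE [KEY_PASSWORD]
check_rsa_pair() {
    openssl rsa -in "$1" -passin "pass:${3:-}" -noout -check >/dev/null 2>&1 \
        || { echo "not a valid RSA private key: $1" >&2; return 1; }
    k=$(openssl rsa -in "$1" -passin "pass:${3:-}" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ] || { echo "private key does not match certificate: $2" >&2; return 1; }
}

# Run both checks, then show the command that would perform the import.
# Usage: import_pair ALIAS KEYFILE CERTFILE [KEY_PASSWORD]
import_pair() {
    check_rsa_pair "$2" "$3" "$4" || return 1
    args=$(build_addprivkey_args "$1" "$2" "$3" "" "$4") || return 1
    printf 'smkeytool %s\n' "$args"   # replace printf with the real call to execute
}
```

Supplying the key password on the command line is what the documented -password option requires; the password is only used to decrypt the pair on import and is not stored in the smkeydatabase.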