The Application Server provides the following tools for managing security:
Admin Console, a browser-based tool used to configure security for the entire server, to manage users, groups, and realms, and to perform other system-wide security tasks. For a general introduction to the Admin Console, see Tools for Administration. For an overview of the security tasks you can perform with the Admin Console, see Managing Security With the Admin Console.
asadmin, a command-line tool that performs many of the same tasks as the Admin Console. You may be able to do some things with asadmin that you cannot do with Admin Console. You perform asadmin commands from either a command prompt or from a script, to automate repetitive tasks. For a general introduction to asadmin, see Tools for Administration.
deploytool, a graphical packaging and deployment tool for editing application deployment descriptors to control individual applications’ security. Because deploytool is intended for application developers, this document does not describe its use in detail. For instructions on using deploytool, see the tool’s online help and The J2EE 1.4 Tutorial at http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html.
The Java 2 Platform, Standard Edition (J2SE) provides two tools for managing security:
keytool, a command-line utility for managing digital certificates and key pairs. Use keytool to manage users in the certificate realm.
policytool, a graphical utility for managing system-wide Java security policies. As an administrator, you will rarely need to use policytool.
For more information on using keytool, policytool, and other Java security tools, see Java 2 SDK Tools and Utilities at http://java.sun.com/j2se/1.4.2/docs/tooldocs/tools.html#security.
In the Enterprise Edition, two other tools that implement Network Security Services (NSS) are available for managing security. For more information on NSS, go to http://www.mozilla.org/projects/security/pki/nss/. The tools for managing security include the following:
certutil, a command-line utility for managing certificates and key databases.
pk12util, a command-line utility used to import and export keys and certificates between the certificate/key databases and files in PKCS12 format.
For more information on using certutil, pk12util, and other NSS security tools, see NSS Security Tools at http://www.mozilla.org/projects/security/pki/nss/tools.