Previous Contents Index Next |
iPlanet Certificate Management System Command-Line Tools Guide |
Chapter 1 Command-Line Tools
iPlanet Certificate Management Server (CMS) is bundled with various command-line utilities. This chapter summarizes these utilities and provides pointers to chapters that further explain them.
Table 1-1 summarizes the command-line utilities that are bundled with Certificate Management System.
Table 1-1    Summary of command-line utilities
Utility/Tool
Function
Batch/Shell Scripts located under <server_root>/bin/cert/tools/ (require jre):
Manipulates the contents of the single sign-on password cache. For details, see Chapter 2 "Password Cache Utility."
Converts ASCII base-64 encoded data to binary base-64 encoded data. For details, see Chapter 7 "ASCII to Binary Tool."
Converts binary base-64 encoded data to ASCII base-64 encoded data. For details, see Chapter 8 "Binary to ASCII Tool."
Prints the contents of a certificate stored as ASCII base-64 encoded data in a human-readable form. For details, see Chapter 9 "Pretty Print Certificate Tool."
Prints the contents of a CRL stored as ASCII base-64 encoded data in a human-readable form. For details, see Chapter 10 "Pretty Print CRL Tool."
Executable tools located under <server_root>/bin/cert/tools:
View and manipulate the certificate database (cert7.db) contents. For details, see Chapter 11 "Certificate Database Tool."
View and manipulate the key database (key3.db) contents. For details, see Chapter 12 "Key Database Tool."
Kills or terminates system processes in Windows NT. For details, see Chapter 3 "Kill Process Tool."
Generates PINs for end users for directory- and PIN-based authentication. For details, see Chapter 4 "PIN Generator Tool."
Digitally signs any file, including log files. For details, see Chapter 13 "Netscape Signing Tool."
Connects to an SSL server and reports back the type and strength of the encryption cipher that it's using. For details, see Chapter 15 "SSL Strength Tool
Used to debug SSL applications. For details, see Chapter 14 "SSL Debugging Tool."
Copies all of the pertinent data and configuration files for a CMS instance, the local Administration Server, and local Netscape Directory Servers that the instance uses into a compressed archive. For details, see Chapter 6 "Backing Up and Restoring Data."
Opens a named archive, extracts the data, and uses it to restore the configuration of a CMS instance. For details, see Chapter 6 "Backing Up and Restoring Data."
Used for managing the PKCS #11 module information within secmod.db files or within hardware tokens. For details, see Chapter 16 "Security Module Database Tool."
Third-party executable tools located under <server_root>/bin/cert/tools:
Dumps the contents of binary base-64-encoded data. Note that the tool is freeware that is packaged with Certificate Management System for your convenience. For more information about this tool, check this site: http://www.cs.auckland.ac.nz/~pgut001/
Java runtime executable for Netscape Console.
Java runtime executable for Certificate Management System.
Note that the CMS jre is invoked as cms_daemon during CMS installation and configuration, as cms_watchdog to monitor the status of the CMS server, and as cms_server to actually run the CMS server.
The AtoB, BtoA, PrettyPrintCert, PrettyPrintCrl, and dumpasn1 tools are useful for converting back and forth between various encodings and formats you may encounter when dealing with keys and certificates.
The Password Cache Utility can be used to manipulate the contents of an existing single sign-on password cache and to create a new cache.
The Certificate Database Tool, Key Database Tool, and Security Module Database Tool are useful for a variety of administrative tasks that involve manipulating certificate and key databases.
The PIN Generator tool is used to create PINs for directory authentication. The killproc tool is used to terminate the Java virtual machines, called jre processes, when Certificate Management System becomes unresponsive.
The Netscape Signing Tool can be used to associate a digital signature with any file, including CMS log files.
The SSL Strength Tool and SSL Debugging Tool are useful for testing and debugging purposes.
Note If you find any problems in Certificate Database Tool (certutil), Key Database Tool (keyutil), Netscape Signing Tool (signtool), SSL Debugging Tool (ssltap), and SSL Strength Tool (sslstrength), you may obtain the source code and build instructions for the very latest version of these tools (and/or potentially a binary image for the newer tool) at the following URL:
http://www.mozilla.org/projects/security/pki/nss/tools/index.html
Note that all Key Database Tool functions have now been incorporated into the single tool, Certificate Database Tool, and that several of the command-line options for many of the tools may have changed. Be sure to check back often to obtain the very latest version of the desired security tool, as this site will be updated often.
Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated October 07, 2002