Sun Java System Messaging Server 6 2005Q4 Administration Guide

Network Security Services Tools

The Network Security Services are a set of open source libraries and tools used to implement and deploy applications for Internet security based on open standards. The security tools help to perform diagnostics, manage certificates, keys and cryptography modules, and debug SSL- and TLS-based applications. These tools are found in /usr/sfw/bin.

Managing Certificates and Keys

The tools described in this section store, retrieve and protect the keys and certificates on which encryption and identification rely.

certutil

The Certificate Database Tool, certutil, is a command-line utility that can create and modify the cert8.db and key3.db database files. The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database. More information on certutil can be found at:

http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

cmsutil

The cmsutil command-line utility uses the S/MIME Toolkit to perform basic operations, such as encrypting, decrypting, and signing, on Cryptographic Message Syntax (CMS) messages. More information on cmsutil can be found at:

http://www.mozilla.org/projects/security/pki/nss/tools/cmsutil.html

modutil

The Security Module Database Tool, modutil, is a command-line utility for managing the database of PKCS #11 modules (secmod.db files). You can use the tool to add and delete PKCS #11 modules, change passwords, set defaults, list module contents, enable or disable slots, enable or disable FIPS-140-1 compliance, and assign default providers for cryptographic operations. More information on modutil can be found at:

http://www.mozilla.org/projects/security/pki/nss/tools/modutil.html

pk12util

The pk12util command-line utility imports and exports keys and certificates between the certificate and key databases and files in the format defined by the PKCS #12 standard. More information on pk12util can be found at:

http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html
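
The sequence described for certutil above (keys first, then certificates), followed by a pk12util export, as an added example that is not part of the original guide. The database directory, nickname and subject are constructed values, and the database file names that certutil creates depend on the installed NSS version.

```shell
#!/bin/sh
# Added example: key and certificate lifecycle with certutil and pk12util.
# Directory layout, nickname and subject are constructed, not from the guide.

# make_secret FILE: write a random hex secret to FILE, readable by owner only.
make_secret() {
    ( umask 077 && { head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'; echo; } > "$1" )
}

# init_db DIR: create an empty, password-protected certificate/key database.
init_db() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    make_secret "$1/db.pw" || return 1
    certutil -N -d "$1" -f "$1/db.pw"
}

# make_selfsigned DIR NICK SUBJECT: generate an RSA key pair in the key
# database, then a self-signed certificate for it in the certificate database.
make_selfsigned() {
    make_secret "$1/noise" || return 1   # -z noise file avoids the keyboard prompt
    certutil -S -d "$1" -f "$1/db.pw" -z "$1/noise" \
        -n "$2" -s "$3" -x -t "CT,," -k rsa -g 2048 -v 12
    rc=$?
    rm -f "$1/noise"
    return $rc
}

# has_cert DIR NICK: succeed only if NICK exists in the certificate database.
has_cert() {
    certutil -L -d "$1" -n "$2" >/dev/null 2>&1
}

# export_p12 DIR NICK OUT: export certificate and private key as PKCS #12.
# The export gets its own password file (OUT.pw), separate from the database
# password, so handing over the .p12 never discloses the database secret.
export_p12() {
    make_secret "$3.pw" || return 1
    ( umask 077 && pk12util -o "$3" -n "$2" -d "$1" -k "$1/db.pw" -w "$3.pw" )
}

# Typical order of calls:
#   init_db ./nssdb
#   make_selfsigned ./nssdb example-cert "CN=mail.example.com"
#   has_cert ./nssdb example-cert && export_p12 ./nssdb example-cert ./backup.p12
```

The exported .p12 file contains the private key, so store it and its password file with the same care as the database directory itself.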

ssltap

The SSL Debugging Tool, ssltap, is an SSL-aware command-line proxy. It can proxy requests for an SSL server and display the contents of the messages exchanged between the client and server. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking. More information can be found at:

http://www.mozilla.org/projects/security/pki/nss/tools/ssltap.html