Chapter 2
Command Line Utilities
This chapter describe each of the Partner Agent Server command line utilities, which are located in the $NSBASE/NS-apps/paserver/bin directory.
The following topics are discussed in this section:
gencerts—Generating Self-issued Certificates
The gencerts utility generates self-issued, base-64 encoded certificates in PEM format for each of the Partner Agent servers, which include agentd, admin, ftpd, and httpsd. The utility adds the certificates to the Partner Agent Server database and uses them to authenticate incoming certificate-based login attempts made by the user.
[add to Client manual]]Syntax
The syntax of the submit command is as follows:
gencerts <parameter_list>
where <parameter_list> consists of options selected from Table 2-1.
Table 2-1 Parameters for the gencerts utility
Parameter
|
Usage
|
|
-s
|
To generate certificates for the Agent, FTP, and HTTP(S) Servers.
|
|
-u <User ID>
|
To generate a certificate for the specified ECXpert user.
|
|
-a
|
To generate a certificate for the Agent Server.
|
|
-f
|
To generate a certificate for the FTP Server.
|
|
-w
|
To generate a certificate for the HTTP(S) Server.
|
|
-h
|
To display usage help.
|
Note
|
You will be prompted to specify two pass phrases. The first is associated with the private key, and is used to decrypt the certificate; enter a password of your choice. The second is the administrator's password to sign the certificate; this has been pre-configured to default to "ECXpert."
|
Example
gencerts -u PartnerA
Figure 2-1 Example output of the gencerts utility script
$ ../../paserver/bin/gencerts -u johndoe
|
==> Generating certificate request for johndoe
|
==> Encrypt private key? [y]
|
==> Enter key password when prompted for PEM pass phrase
|
Using configuration from
/export/disk2/usr/actraadm/NS-apps/paserver/conf/ssl.client.conf
|
Generating a 1024 bit RSA private key
|
Enter PEM pass phrase:
|
Verifying password - Enter PEM pass phrase:
|
-----
|
Country Name (2 letter code) []:US
|
State/Province Name (full name) []:CA
|
Locality Name (eg, city) []:MV
|
Organization Name (eg, company) []:Company
|
Organizational Unit (eg, section) []:APD
|
Common Name (eg, first last) []:John Doe
|
Email Address (eg, name@fqdn) []:john_doe@company.com
|
==> Signing certificate for johndoe
|
==> Enter signing password when prompted for PEM pass phrase
|
Using configuration from
/export/disk2/usr/actraadm/NS-apps/paserver/conf/ssl.ca.conf
|
Enter PEM pass phrase:
|
Check that the request matches the signature
|
Signature ok
|
The Subjects Distinguished Name is as follows
|
countryName :PRINTABLE:'US'
|
stateOrProvinceName :PRINTABLE:'CA'
|
localityName :PRINTABLE:'MV'
|
organizationName :PRINTABLE:'Company'
|
organizationalUnitName:PRINTABLE:'APD'
|
commonName :PRINTABLE:'John Doe'
|
emailAddress :IA5STRING:'john_doe@company.com'
|
Certificate is to be certified until Oct 7 23:46:57 2000 GMT (365 days)
|
Sign the certificate? [y/n]:y
|
1 out of 1 certificate requests certified, commit? [y/n]y
|
Write out database with 1 new entries
|
Data Base Updated
|
$
|
|
mkpasswd—Changing the Default Administrator Password
mkpasswd
By default, the administrator username and password, which are used to log into the browser-based Administration System, are ECX/ECX. The username and encrypted password are stored in a data file, $NSBASE/NS-apps/paserver/var/db/http/admin_users.db.
The mkpasswd utility allows you to change the default password, overwriting the user data in the $NSBASE/NS-apps/paserver/var/db/http/admin_users.db file.
Syntax
The syntax of the mkpasswd command is as follows:
mkpasswd
When prompted, enter the administrator account name and the password.
addpasswd—Adding an Administrator Password
Use the addpasswd utility to add another administrator user account, or to change the password of an existing administrator user. The utility adds the new data to the $NSBASE/NS-apps/paserver/var/db/http/admin_users.db file.
Syntax
The syntax of the submit command is as follows:
addpasswd
When prompted, enter the administrator account name and password
importcert—Importing User Certificates
The importcert utility imports a user's public certificate file to the Partner Agent Server and creates a one-to-one mapping between the certificate's subdirect and the ECXpert member.
[add to Client manual]]Syntax
The syntax of the submit command is as follows:
importcert <parameter_list>
where <parameter_list> consists of options selected from Table 2-2.
Table 2-2 Parameters for the gencerts utility
Parameter
|
Usage
|
|
-u <ECXpert Member ID>
|
Specifies the ECXpert user for whom the certificate is imported.
|
|
-f <Certificate FIle>
|
Specifies the path and filename of the certificate to be imported.
|
Example
importcert -u PartnerA -f
$NSBASE/NS-apps/paserver/lib/certs/private/agentd-crt.pem
fdx—Command Line FTP Client
fdx is a command-line driven, SSL-enabled FTP client. It is detailed in the appendix on "(Optional) Using the Partner Agent Server Command Line Client." [add to Client manual]]