Chapter 1
Command-Line Tools
iPlanet Certificate Management System (CMS) is bundled with various command-line utilities. This chapter summarizes these utilities and provides pointers to chapters that further explain them.
Table 1-1 summarizes the command-line utilities that are bundled with Certificate Management System.
Table 1-1 Summary of command-line utilities
|
Utility/Tool
|
Function
|
|
Batch/Shell Scripts located under <server_root>/bin/cert/tools/ (require jre):
|
|
PasswordCache
(Password Cache Utility)
|
Manipulates the contents of the single sign-on password cache. For details, see Chapter 2 "Password Cache Utility."
|
|
AtoB
(ASCII to Binary Tool)
|
Converts ASCII base-64 encoded data to binary base-64 encoded data. For details, see Chapter 7 "ASCII to Binary Tool."
|
|
BtoA
(Binary to ASCII Tool)
|
Converts binary base-64 encoded data to ASCII base-64 encoded data. For details, see Chapter 8 "Binary to ASCII Tool."
|
|
PrettyPrintCert
(Pretty Print Certificate Tool)
|
Prints the contents of a certificate stored as ASCII base-64 encoded data in a human-readable form. For details, see Chapter 9 "Pretty Print Certificate Tool."
|
|
PrettyPrintCrl
(Pretty Print CRL Tool)
|
Prints the contents of a CRL stored as ASCII base-64 encoded data in a human-readable form. For details, see Chapter 10 "Pretty Print CRL Tool."
|
|
Executable tools located under <server_root>/bin/cert/tools:
|
|
certutil
(Certificate Database Tool)
|
View and manipulate the certificate database (cert7.db) contents. For details, see Chapter 11 "Certificate Database Tool."
|
|
keyutil
(Key Database Tool)
|
View and manipulate the key database (key3.db) contents. For details, see Chapter 12 "Key Database Tool."
|
|
killproc
(Kill Process Tool)
|
Kills or terminates system processes in Windows NT. For details, see Chapter 3 "Kill Process Tool."
|
|
setpin
(PIN Generator tool)
|
Generates PINs for end users for directory- and PIN-based authentication. For details, see Chapter 4 "PIN Generator Tool."
|
|
signtool
(Netscape Signing Tool)
|
Digitally signs any file, including log files. For details, see Chapter 13 "Netscape Signing Tool."
|
|
sslstrength
(SSL Strength Tool)
|
Connects to an SSL server and reports back the type and strength of the encryption cipher that it's using. For details, see Chapter 15 "SSL Strength Tool
|
|
ssltap
(SSL Debugging Tool)
|
Used to debug SSL applications. For details, see Chapter 14 "SSL Debugging Tool."
|
|
Perl Scripts located under <server_root> (require_perl):
|
|
cmsbackup
|
Copies all of the pertinent data and configuration files for a CMS instance, the local Administration Server, and local Netscape Directory Servers that the instance uses into a compressed archive. For details, see Chapter 6 "Backing Up and Restoring Data."
|
|
cmsrestore
|
Opens a named archive, extracts the data, and uses it to restore the configuration of a CMS instance. For details, see Chapter 6 "Backing Up and Restoring Data."
|
|
Executable tools located under <server_root>/shared/bin:
|
|
modutil
(Security Module Database Tool)
|
Used for managing the PKCS #11 module information within secmod.db files or within hardware tokens. For details, see Chapter 16 "Security Module Database Tool."
|
|
Third-party executable tools located under <server_root>/bin/cert/tools:
|
|
dumpasn1
|
Dumps the contents of binary base-64-encoded data. Note that the tool is freeware that is packaged with Certificate Management System for your convenience. For more information about this tool, check this site: http://www.cs.auckland.ac.nz/~pgut001/
|
|
Third-party support tools located under <server_root>:
|
|
bin/base/jre/bin/jre
bin/cert/jre/bin/jre
|
Java runtime executable for Netscape Console.
Java runtime executable for Certificate Management System.
Note that the CMS jre is invoked as cms_daemon during CMS installation and configuration, as cms_watchdog to monitor the status of the CMS server, and as cms_server to actually run the CMS server.
|
|
bin/cert/tools/unzip
|
Decompression utility executable.
|
|
bin/cert/tools/zip
|
Compression utility executable.
|
|
install/perl
|
perl scripting language executable.
|
The AtoB, BtoA, PrettyPrintCert, PrettyPrintCrl, and dumpasn1 tools are useful for converting back and forth between various encodings and formats you may encounter when dealing with keys and certificates.
The Password Cache Utility can be used to manipulate the contents of an existing single sign-on password cache and to create a new cache.
The Certificate Database Tool, Key Database Tool, and Security Module Database Tool are useful for a variety of administrative tasks that involve manipulating certificate and key databases.
The PIN Generator tool is used to create PINs for directory authentication. The killproc tool is used to terminate the Java virtual machines, called jre processes, when Certificate Management System becomes unresponsive.
The Netscape Signing Tool can be used to associate a digital signature with any file, including CMS log files.
The SSL Strength Tool and SSL Debugging Tool are useful for testing and debugging purposes.
|
Note
|
If you find any problems in Certificate Database Tool (certutil), Key Database Tool (keyutil), Netscape Signing Tool (signtool), SSL Debugging Tool (ssltap), and SSL Strength Tool (sslstrength), you may obtain the source code and build instructions for the very latest version of these tools (and/or potentially a binary image for the newer tool) at the following URL:
http://www.mozilla.org/projects/security/pki/nss/tools/index.html
Note that all Key Database Tool functions have now been incorporated into the single tool, Certificate Database Tool, and that several of the command-line options for many of the tools may have changed. Be sure to check back often to obtain the very latest version of the desired security tool, as this site will be updated often.
|