keytool -delete
-alias keyAlias
-keystore keystore-name
-storepass password
Using Network Security Services (NSS) Tools
In the Clusters and Enterprise Profile, use Network Security Services (NSS) digital certificates
on the server-side to manage the database that stores private keys and certificates. For the client
side (appclient or stand-alone), use the JSSE format as discussed in “Using Java Secure Socket
Extension (JSSE) Tools” on page 112.
The tools for managing security with Network Security Services (NSS) include the following:
■ certutil, a command-line utility for managing certificates and key databases. Some
  examples using the certutil utility are shown in “Using the certutil Utility” on page 117.
■ pk12util, a command-line utility used to import and export keys and certificates between
  the certificate/key databases and files in PKCS12 format. Some examples using the pk12util
  utility are shown in “Importing and Exporting Certificates Using the pk12util Utility” on
  page 118.
■ modutil, a command-line utility for managing PKCS #11 module information within
  secmod.db files or within hardware tokens. Some examples using the modutil utility are
  shown in “Adding and Deleting PKCS11 Modules using modutil” on page 119.
The tools are located in the as-install/lib/ directory. The following environment variables are
used to point to the location of the NSS security tools:
■ LD_LIBRARY_PATH =${as-install}/lib
■ ${os.nss.path}
In the examples, the certificate common name (CN) is the name of the client or server. The CN
is also used during SSL handshake for comparing the certificate name and the host name from
which it originates. If the certificate name and the host name do not match, warnings or
exceptions are generated during SSL handshake. In some examples, the certificate common
name CN=localhost is used for convenience so that all users can use that certificate instead of
creating a new one with their real host name.
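The host name comparison described above can be checked before a certificate is deployed. The
following script is an added example, not part of the original guide: the nicknames, subject DNs
and function names are constructed for illustration, and it assumes simple subject DNs and an
exact, case-insensitive match between the CN and the host name.

```bash
#!/usr/bin/env bash
# Added example, not from the guide: compare certificate CNs with the host
# name clients will use, mirroring the SSL handshake check described above.

# Print the CN value of a subject DN such as "CN=localhost,O=Example,C=US".
# Assumption: simple DNs with no escaped commas inside attribute values.
subject_cn() {
    printf '%s\n' "$1" | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*[Cc][Nn][[:space:]]*=[[:space:]]*//p' | head -n 1
}

# Classify one certificate subject against the expected host name.
# Prints OK, LOCALHOST (convenience certificate), MISMATCH, or NO_CN.
classify_cn() {
    local cn host
    cn=$(subject_cn "$1" | tr '[:upper:]' '[:lower:]')
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ -z "$cn" ]; then
        echo "NO_CN"
    elif [ "$cn" = "$host" ]; then
        echo "OK"
    elif [ "$cn" = "localhost" ]; then
        echo "LOCALHOST"
    else
        echo "MISMATCH"
    fi
}

# Read "nickname|subject" lines on stdin; print "nickname status" per line.
audit_subjects() {
    local host=$1 nick subject
    while IFS='|' read -r nick subject; do
        [ -n "$nick" ] || continue
        printf '%s %s\n' "$nick" "$(classify_cn "$subject" "$host")"
    done
    return 0
}

# Constructed sample inventory (nicknames and subjects are made up).
SAMPLE_SUBJECTS='servercert|CN=server1.example.com,OU=AppServer,O=Example Corp,C=US
devcert|CN=localhost,O=Example Corp,C=US
oldhost|CN=server9.example.com,O=Example Corp,C=US
nocn|O=Example Corp,C=US'

printf '%s\n' "$SAMPLE_SUBJECTS" | audit_subjects "Server1.Example.com"
```

A LOCALHOST result marks a convenience certificate that matches only when clients connect to the
host name localhost.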
The examples in the following sections demonstrate usage related to certificate handling using
NSS tools:
■ “Using the certutil Utility” on page 117
■ “Importing and Exporting Certificates Using the pk12util Utility” on page 118
■ “Adding and Deleting PKCS11 Modules using modutil” on page 119
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008 116