beautypg.com

Using network security services (nss) tools – Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual

Page 116

background image

keytool -delete

-alias

keyAlias

-keystore

keystore-name

-storepass

password

Using Network Security Services (NSS) Tools

In the Clusters and Enterprise Profile, use Network Security Services (NSS) digital certificates
on the server-side to manage the database that stores private keys and certificates. For the client
side (appclient or stand-alone), use the JSSE format as discussed in

“Using Java Secure Socket

Extension (JSSE) Tools” on page 112

.

The tools for managing security with Network Security Services (NSS) include the following:

certutil

, a command-line utility for managing certificates and key databases. Some

examples using the certutil utility are shown in

“Using the certutil Utility” on page 117

.

pk12util

, a command-line utility used to import and export keys and certificates between

the certificate/key databases and files in PKCS12 format. Some examples using the pk12util
utility are shown in

“Importing and Exporting Certificates Using the pk12util Utility” on

page 118

.

modutil

, a command-line utility for managing PKCS #11 module information within

secmod.db

files or within hardware tokens. Some examples using the modutil utility are

shown in

“Adding and Deleting PKCS11 Modules using modutil” on page 119

.

The tools are located in the as-install/lib/ directory. The following environment variables are
used to point to the location of the NSS security tools:

LD_LIBRARY_PATH =${

as-install}/lib

${

os.nss.path}

In the examples, the certificate common name (CN) is the name of the client or server. The CN
is also used during SSL handshake for comparing the certificate name and the host name from
which it originates. If the certificate name and the host name do not match, warnings or
exceptions are generated during SSL handshake. In some examples, the certificate common
name CN=localhost is used for convenience so that all users can use that certificate instead of
creating a new one with their real host name.

The examples in the following sections demonstrate usage related to certificate handling using
NSS tools:

“Using the certutil Utility” on page 117

“Importing and Exporting Certificates Using the pk12util Utility” on page 118

“Adding and Deleting PKCS11 Modules using modutil” on page 119

Using Network Security Services (NSS) Tools

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

116

See also other documents in the category Sun Microsystems Computers: