Adding and deleting pkcs11 modules using modutil – Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual

Page 119

pk12util -o -n ${cert.nickname} -h ${token.name} -k ${pass.file} -w ${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config

Convert a PKCS12 certificate into JKS format (requires a Java source):

<target name="convert-pkcs12-to-jks" depends="init-common">
  <delete file="${jks.file}" failonerror="false"/>
  <java classname="com.sun.enterprise.security.KeyTool">
    <arg line="-pkcs12"/>
    <arg line="-pkcsFile ${pkcs12.file}"/>
    <arg line="-pkcsKeyStorePass ${pkcs12.pass}"/>
    <arg line="-pkcsKeyPass ${pkcs12.pass}"/>
    <arg line="-jksFile ${jks.file}"/>
    <arg line="-jksKeyStorePass ${jks.pass}"/>
    <classpath>
      <pathelement path="${s1as.classpath}"/>
      <pathelement path="${env.JAVA_HOME}/jre/lib/jsse.jar"/>
    </classpath>
  </java>
</target>

Adding and Deleting PKCS11 Modules using modutil

The Security Module Database Tool, modutil, is a command-line utility for managing PKCS #11
(Cryptographic Token Interface Standard) module information within secmod.db files or
within hardware tokens. You can use the tool to add and delete PKCS #11 modules, change
passwords, set defaults, list module contents, enable or disable slots, enable or disable
FIPS-140-1 compliance, and assign default providers for cryptographic operations. This tool
can also create key3.db, cert7.db, and secmod.db security database files. For more
information on this tool, see http://www.mozilla.org/projects/security/pki/nss/tools/modutil.html.

Add a new PKCS11 module or token.

modutil -add ${token.module.name} -nocertdb -force -mechanisms RSA:DSA:RC4:DES -libfile ${SCA.lib.path} -dbdir ${admin.domain.dir}/${admin.domain}/config

Delete a PKCS11 module from an NSS store.

modutil -delete ${token.module.name} -nocertdb -force -mechanisms RSA:DSA:RC4:DES -libfile ${SCA.lib.path} -dbdir ${admin.domain.dir}/${admin.domain}/config

List available token modules in an NSS store.

modutil -list -dbdir ${admin.domain.dir}/${admin.domain}/config
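The following is an added example, not part of the original manual: a shell check that reads `modutil -list` output and flags any registered module whose library lies outside an expected directory. The sample listing is constructed and only modeled on typical `modutil -list` output; the module names, the paths, and the function names `list_module_libs` and `unexpected_modules` are assumptions.

```shell
# Audit the PKCS #11 modules registered in an NSS database.
# Each external module is a shared library that NSS loads into the server process.

# Constructed sample of `modutil -list` output (names and paths are made up).
sample_listing() {
cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded

  2. example-hsm
    library name: /opt/example-hsm/lib/libexamplepkcs11.so
     slots: 1 slot attached
    status: loaded

  3. unknown-module
    library name: /tmp/libp11.so
     slots: There are no slots attached to this module
    status: loaded
-----------------------------------------------------------
EOF
}

# Reads a listing on stdin; prints "name<TAB>library" for each external module.
list_module_libs() {
    awk '
        /^[ \t]*[0-9]+\. / { sub(/^[ \t]*[0-9]+\. /, ""); name = $0; next }
        /library name:/    { sub(/^.*library name:[ \t]*/, ""); print name "\t" $0 }
    '
}

# Prints modules whose library is outside the allowed directory prefix ($1)
# or whose path contains "/../". Returns 1 if any such module is found.
unexpected_modules() {
    allowed=$1
    list_module_libs | awk -F '\t' -v p="$allowed" '
        index($2, p) != 1 || $2 ~ /\/\.\.\// { print; bad = 1 }
        END { exit bad }
    '
}

# Live use (requires the NSS tools):
#   modutil -list -dbdir "$DBDIR" | unexpected_modules /opt/example-hsm/lib/
```

The internal NSS module has no library line and is therefore never reported; only modules added with `-libfile` appear in the output.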

Using Network Security Services (NSS) Tools

Chapter 9 • Configuring Security
