Manual Pages


Table of Contents

NAME

keymgr - key and certificate management

SYNOPSIS

keymgr generate <type> <file_name> <attributes>

keymgr install <type> <path_name>

keymgr install key <path_name> <PASSWORD>

keymgr list <type>

keymgr view <type> <file_name>

keymgr delete <type> <file_name>

Where <type> is one of:

csr
    certificate signing request
cert
    user certificate
root
    root certificate
key
    key file

Where <attributes> are:

KeyLen
    Key length in bits (default 1024)
KeyFile
    File name of private key
Common
    Common name (such as hostname)
Country
    Country name
State
    State name
Locality
    Locality name (such as the City name)
Organization
    Organization name (such as Company)
Unit
    Organization unit name

DESCRIPTION

keymgr manages private keys, certificate signing requests, user certificates, and root certificates for Node.

A private key is a mathematical value of an asymmetric key pair that is not shared with trading partners. A private key works in conjunction with the public key to encrypt and decrypt data.

A certificate signing request (CSR) is an unsigned certificate for submission to a Certification Authority (CA), which signs it with the private key of its CA certificate. Once a CSR is signed, it becomes a user certificate.

A user certificate is a digital ID. It is signed and issued by a certification authority. It contains a unique name, a serial number, expiration dates, a public key and the digital signature of the certificate-issuing authority.

The keymgr generate command can be used to generate a private key, a certificate signing request, a self-signed user certificate, or a root certificate.

The keymgr install command can be used to install a private key, a user certificate, or a root certificate on the Node. In most cases, a private key is generated on the same Node by using the keymgr generate command. However, private keys can also be generated on a different host, which may generate better random keys than the Node. A user certificate is generally issued in response to a certificate signing request and sent back by a CA (via an out-of-band mechanism such as mail). To be able to verify peers' user certificates, the system administrator must install the root certificates that signed those user certificates.

The keymgr list command can be used to list all the private keys, certificate signing requests, user certificates and root certificates.

The keymgr view command can be used to view a certificate signing request, a user certificate or a root certificate.

The keymgr delete command can be used to delete a private key, certificate signing request, user certificate or root certificate. If the key, user certificate, or root certificate is currently used by any application, it cannot be deleted.

EXAMPLES

  keymgr generate cert MyCertFile KeyLen = 1024 KeyFile = MyKeyFile Common =
       MyFiler Country = US State = CA Local = Sunnyvale Org =
       MyCompany Unit = MyGroup

  keymgr list cert

  keymgr view cert MyCertFile

  keymgr install cert /etc/MyCASignedCert.pem

  keymgr install key /etc/MyPrivateKey.pem KEY_PASSWORD
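
The DESCRIPTION notes that a private key can be generated on a different host and then installed on the Node. The following script is an added example, not part of the original manual page or of keymgr itself: it checks, on that other host, that a key and certificate belong together, meet a minimum key length and have not expired before they are passed to keymgr install. It assumes OpenSSL is available there, that the files are PEM-encoded RSA material, and that the minimum length is a local policy value; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: OpenSSL on the generating host, PEM files, RSA
# keys. The key password is read from $KEY_PASSWORD, not the command line.

# make_key_and_cert DIR BITS: encrypted key plus a self-signed certificate
# standing in for the one a CA would return (constructed test input).
make_key_and_cert() {
    openssl genrsa -aes256 -passout env:KEY_PASSWORD \
        -out "$1/MyPrivateKey.pem" "$2" 2>/dev/null || return 1
    openssl req -new -x509 -days 30 -key "$1/MyPrivateKey.pem" \
        -passin env:KEY_PASSWORD -out "$1/MyCASignedCert.pem" \
        -subj "/C=US/ST=CA/L=Sunnyvale/O=MyCompany/OU=MyGroup/CN=MyFiler" 2>/dev/null
}

# SHA-256 of the public key held in a private key file / in a certificate.
key_digest() {
    pub=$(openssl pkey -in "$1" -passin env:KEY_PASSWORD -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}
cert_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Public key size in bits as reported in the certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# ready_to_install KEY CERT MINBITS: prints "ok" and returns 0 only when the
# key decrypts, matches the certificate, is long enough and is not expired.
ready_to_install() {
    k=$(key_digest "$1") || { echo "key unreadable or wrong password"; return 1; }
    c=$(cert_digest "$2") || { echo "certificate unreadable"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match private key"; return 1; }
    bits=$(cert_bits "$2")
    [ "${bits:-0}" -ge "$3" ] || { echo "key is ${bits:-?} bits, below $3"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired"; return 1; }
    echo "ok"
}

# Demo on constructed files in a temporary directory.
KEY_PASSWORD=${KEY_PASSWORD:-constructed-demo-password}; export KEY_PASSWORD
d=$(mktemp -d) && make_key_and_cert "$d" 2048 &&
    ready_to_install "$d/MyPrivateKey.pem" "$d/MyCASignedCert.pem" 2048
rm -rf "$d"
```
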

