Table of Contents
keymgr install <type> <path_name>
keymgr install key <path_name> <PASSWORD>
keymgr list <type>
keymgr view <type> <file_name>
keymgr delete <type> <file_name>
Where <type> is one of,
A private key is a mathematical value of an asymmetric key pair that is not shared with trading partners. A private key works in conjunction with the public key to encrypt and decrypt data.
A certificate signing request (CSR) is an unsigned certificate for submission to a Certification Authority (CA), which signs it with the Private Key of their CA Certificate. Once a CSR is signed, it becomes a user certificate.
A user certificate is a digital ID. It is signed and issued by a certification authority. It contains a unique name, a serial number, expiration dates, a public key and the digital signature of the certificate-issuing authority.
keymgr generate command can be used to generate a private key, a certificate signing request, a self signed user certificate, or a root certificate.
keymgr install command can be used to install a private key, a user certificate, or a root certificate on the Node. In most cases, a private key is generated on the same Node by using the keymgr generate command. However, private keys can also be generated on a different host, which may generate better random keys than the Node. A user certificate is generally issued as a response to a certificate signing request and sent back by a CA (via an out-of-band mechanism such as mail). In order to be able to verify the peer's user certificates, the system administrator must install root certificates that sign those user certificates.
keymgr list command can be used to list all the private keys, certificate signing requests, user certificates and root certificates.
keymgr view command can be used to view a certificate signing request, user certificate or a root certificate.
keymgr delete command can be used to delete a private key, certificate signing request, user certificate or root certificate. If the key, user certificate, or root certificate is currently used by any application, it can not be deleted.
keymgr generate cert MyCertFile KeyLen = 1024 KeyFile = MyKeyFile Common = MyFiler Country = US State = CA Local = Sunnyvale Org = MyCompany Unit = MyGroup
keymgr list cert
keymgr view cert MyCertFile
keymgr install cert /etc/MyCASignedCert.pem
keymgr install key /etc/MyPrivateKey.pem KEY_PASSWORD
Table of Contents