Manual Pages



keymgr - key and certificate management


keymgr generate <type> <file_name> <attributes>

keymgr install <type> <path_name>

keymgr install key <path_name> <PASSWORD>

keymgr list <type>

keymgr view <type> <file_name>

keymgr delete <type> <file_name>

Where <type> is one of,

certificate signing request
user certificate
root certificate
key file

Where <attributes> are,

KeyLen    Key length in bits (default 1024)
KeyFile   File name of private key
Common    Common name (such as hostname)
Country   Country name
State     State name
Local     Locality name (such as the City name)
Org       Organization name (such as Company)
Unit      Organization unit name


keymgr manages private keys, certificate signing requests, user certificates, and root certificates for Node.

A private key is a mathematical value of an asymmetric key pair that is not shared with trading partners. A private key works in conjunction with the public key to encrypt and decrypt data.

A certificate signing request (CSR) is an unsigned certificate that is submitted to a Certification Authority (CA), which signs it with the private key of its CA certificate. Once a CSR is signed, it becomes a user certificate.

A user certificate is a digital ID. It is signed and issued by a certification authority. It contains a unique name, a serial number, expiration dates, a public key and the digital signature of the certificate-issuing authority.

The keymgr generate command can be used to generate a private key, a certificate signing request, a self-signed user certificate, or a root certificate.

The keymgr install command can be used to install a private key, a user certificate, or a root certificate on the Node. In most cases, a private key is generated on the same Node by using the keymgr generate command. However, private keys can also be generated on a different host, which may generate better random keys than the Node. A user certificate is generally issued in response to a certificate signing request and sent back by a CA (via an out-of-band mechanism such as mail). To be able to verify the peer's user certificates, the system administrator must install the root certificates that sign those user certificates.

The keymgr list command can be used to list all the private keys, certificate signing requests, user certificates and root certificates.

The keymgr view command can be used to view a certificate signing request, user certificate or a root certificate.

The keymgr delete command can be used to delete a private key, certificate signing request, user certificate or root certificate. If the key, user certificate, or root certificate is currently used by any application, it cannot be deleted.


  keymgr generate cert MyCertFile KeyLen = 1024 KeyFile = MyKeyFile Common =
       MyFiler Country = US State = CA Local = Sunnyvale Org =
       MyCompany Unit = MyGroup

  keymgr list cert

  keymgr view cert MyCertFile

  keymgr install cert /etc/MyCASignedCert.pem

  keymgr install key /etc/MyPrivateKey.pem KEY_PASSWORD
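
When the private key is generated on a different host and the CA-signed certificate comes back out of band, the pair can be checked before the two keymgr install commands above are run. The following is an added example, not part of the keymgr manual or its vendor's tooling; it assumes the openssl command-line tool on the generating host, and the function name, the MIN_BITS floor and the KEY_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run on the generating host before copying the
# key and certificate to the Node. MIN_BITS and KEY_PASS are assumptions.
MIN_BITS=2048   # assumed policy floor; the keymgr default shown above is 1024

# preinstall_check <cert.pem> <key.pem>
# Returns 0 if the pair passes every check, otherwise:
#   2 unreadable input, 3 cert/key mismatch, 4 key too short, 5 cert expired
preinstall_check() {
    cert=$1 key=$2

    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    # Public key derived from the private key. For an encrypted key, export
    # KEY_PASS first so the passphrase is not typed as a command argument.
    key_pub=$(openssl pkey -in "$key" ${KEY_PASS:+-passin env:KEY_PASS} \
        -pubout 2>/dev/null)

    [ -n "$cert_pub" ] || { echo "unreadable certificate: $cert" >&2; return 2; }
    [ -n "$key_pub" ]  || { echo "unreadable private key: $key" >&2; return 2; }

    # The CA must have signed the CSR that was built from this key.
    [ "$cert_pub" = "$key_pub" ] || {
        echo "certificate does not match private key" >&2; return 3; }

    # Key size as recorded in the certificate, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$MIN_BITS" ] || {
        echo "key too short: ${bits:-unknown} bits (< $MIN_BITS)" >&2; return 4; }

    # -checkend 0 fails if the notAfter date has already passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired" >&2; return 5; }

    return 0
}

# Usage (file names taken from the examples above):
#   preinstall_check MyCASignedCert.pem MyPrivateKey.pem && echo "ok to install"
```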
