[ Next Article |
Previous Article |
Book Contents |
Library Home |
Legal |
Search ]
Commands Reference, Volume 5
smdefca Command
Purpose
Defines an internal certificate authority.
smdefca ca_name -o
organization -c country_code
-d pub_dir [-e
mm/dd/yyyy]
Description
The smdefca command is used to define an internal CA
(Certificate Authority) for
Web-based System Manager servers and clients on the current machine. When you define a
Web-based System Manager-CA, the following files are generated:
- /usr/websm/security/SM.caprivkr
- This is the CA private key ring that includes the CA private key
and the CA certificate. This is the most sensitive
file from the aspect of Web-based System Manager security. It is created root protected
and password encrypted.
- SMpubkr.class (created on the specified pub_dir)
- The public key ring file. This file has to be distributed to each
Web-based System Manager client (for application mode) and server (for applet mode) and should
be placed in /usr/websm/codebase.
If a CA is already defined on the current machine, the smundefca command must be used first to unconfigure it.
Use the /usr/websm/bin/wsm command to access the graphical interface. The fast path is wsm system.
Flags
| ca_name |
A name that uniquely
defines your Web-based System Manager-CA. The machine full TCP/IP name with some additional serial
number might be a good choice. If you ever redefine a CA, it is recommended that
you use a different name in order to identify which CA, by name, is used by each
server and client.
Note: Do not set the CA name to be exactly the machine's full
TCP/IP name (this will break the SMGate utility, in case you want to use it in
managing this machine from a remote browser). |
| -o
organization |
Organization name (required for the CA
certificate). |
| -c country_code |
Two-letter ISO country code (required for the CA certificate). |
| -d pub_dir |
The
output directory for the public key
ring file SMpubkr.class. |
| -e mm/dd/yyyy |
Expiration date for the CA certificate. The default expiration date is four
years from the date of issuing the command. |
Examples
smdefca IBMCA1 -o IBM -c US -d /usr/websm/security/tmp -e 12/31/1999
Files
| /usr/websm/security/SMpubkr.class |
CA public key ring
file. |
| /usr/websm/security/SMCa.log |
Lists
detailed information on all operations executed by the CA. |
| /usr/websm/security/SMCa.sn |
Certificate number file. |
| /usr/websm/security/SM.caprivkr |
Certificate private key ring file. |
Related Information
The smcaprop, smexpcacert, smimpcacert, smlistcerts, smsigncert, and the smundefca command.
See the
Setting Up and Running Web-based System Manager in AIX Version 4.3 System Management Guide: Operating System and Devices.
[ Next Article |
Previous Article |
Book Contents |
Library Home |
Legal |
Search ]