Sun Microsystems 820433510 UsingNetwork Security Ser vices (NSS)Tools

keytool -delete

-alias keyAlias

-keystore keystore-name

-storepass password

UsingNetwork Security Ser vices (NSS)Tools

Inthe Clusters and Enterprise Prole, use Network Security Services (NSS) digital certicates

onthe server-side to manage the database that stores private keys and certicates. For the client

side(appclient or stand-alone), use the JSSE format as discussed in “Using Java Secure Socket

Extension(JSSE) Tools” on page 112.

Thetools for managing security with Network Security Services (NSS) include the following:

■certutil,a command-line utility for managing certicates and key databases. Some

examplesusing the certutil utilityare shown in “Using the certutil Utility”on page 117.

■pk12util,a command-line utility used to import and export keys and certicates between

thecerticate/key databases and les in PKCS12 format. Some examples using the pk12util

utilityare shown in “Importing and Exporting Certicates Using the pk12util Utility”on

page118.

■modutil,a command-line utility for managing PKCS #11 module information within

secmod.dbles or within hardware tokens. Some examples using the modutil utilityare

shownin “Adding and Deleting PKCS11 Modules using modutil” on page 119.

Thetools are located in the as-install/lib/ directory.The following environment variables are

usedto point to the location of the NSS security tools:

■LD_LIBRARY_PATH =${as-install}/lib

■${os.nss.path}

Inthe examples, the certicate common name (CN) is the name of the client or server. The CN

isalso used during SSL handshake for comparing the certicate name and the host name from

whichit originates. If the certicate name and the host name do not match, warnings or

exceptionsare generated during SSL handshake. In some examples, the certicate common

nameCN=localhost isused for convenience so that all users can use that certicate instead of

creatinga new one with their real host name.

Theexamples in the following sections demonstrate usage related to certicate handling using

NSStools:

■“Usingthe certutil Utility”on page 117

■“Importingand Exporting Certicates Using the pk12util Utility”on page 118

■“Addingand Deleting PKCS11 Modules using modutil” on page 119

UsingNetworkSecurit y Services (NSS)Tools

SunGlassFishEnterprise Ser ver2.1 Administration Guide • December 2008116