pk12util -o -n ${cert.nickname} -h ${token.name} -k ${pass.file}
-w ${cert.pass.file} -d ${admin.domain.dir}/${admin.domain}/config
Convert a PKCS12 certificate into JKS format (requires a Java source):
<target name="convert-pkcs12-to-jks" depends="init-common">
  <delete file="${jks.file}" failonerror="false"/>
  <java classname="com.sun.enterprise.security.KeyTool">
    <arg line="-pkcs12"/>
    <arg line="-pkcsFile ${pkcs12.file}"/>
    <arg line="-pkcsKeyStorePass ${pkcs12.pass}"/>
    <arg line="-pkcsKeyPass ${pkcs12.pass}"/>
    <arg line="-jksFile ${jks.file}"/>
    <arg line="-jksKeyStorePass ${jks.pass}"/>
    <classpath>
      <pathelement path="${s1as.classpath}"/>
      <pathelement path="${env.JAVA_HOME}/jre/lib/jsse.jar"/>
    </classpath>
  </java>
</target>
Adding and Deleting PKCS11 Modules using modutil
The Security Module Database Tool, modutil, is a command-line utility for managing PKCS #11
(Cryptographic Token Interface Standard) module information within secmod.db files or
within hardware tokens. You can use the tool to add and delete PKCS #11 modules, change
passwords, set defaults, list module contents, enable or disable slots, enable or disable
FIPS-140-1 compliance, and assign default providers for cryptographic operations. This tool
can also create key3.db, cert7.db, and secmod.db security database files. For more
information on this tool, see
http://www.mozilla.org/projects/security/pki/nss/tools/modutil.html.
Add a new PKCS11 module or token.
modutil -add ${token.module.name} -nocertdb -force -mechanisms RSA:DSA:RC4:DES
-libfile ${SCA.lib.path} -dbdir ${admin.domain.dir}/${admin.domain}/config
Delete a PKCS11 module from an NSS store.
modutil -delete ${token.module.name} -nocertdb -force -mechanisms RSA:DSA:RC4:DES
-libfile ${SCA.lib.path} -dbdir ${admin.domain.dir}/${admin.domain}/config
List available token modules in an NSS store.
modutil -list -dbdir ${admin.domain.dir}/${admin.domain}/config
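After adding or deleting a module, the list output can be checked against the libraries you expect to be registered. The following is an added example, not part of the original guide: the function name, the sample listing (constructed, following the usual modutil -list layout) and all module names and paths are assumptions.

```sh
#!/bin/sh
# Added example: audit the PKCS #11 modules registered in an NSS store.

# audit_modules ALLOWLIST   (hypothetical helper, not a modutil feature)
#   stdin:     output of `modutil -list -dbdir <config dir>`
#   ALLOWLIST: colon-separated library paths that are expected
#   stdout:    "module<TAB>library" for each module outside the allowlist
audit_modules() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ":"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Module header line, e.g. "  2. sca-token"
        /^[ \t]*[0-9]+\. / { sub(/^[ \t]*[0-9]+\. /, ""); name = $0; next }
        # External modules carry a "library name:" line; the NSS internal
        # module has none, so it is never reported.
        /library name:/ {
            sub(/^.*library name:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            if (!($0 in ok)) print name "\t" $0
        }
    '
}

# Constructed sample of `modutil -list` output (names and paths are made up).
sample_modutil_list() {
    cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
    status: loaded

  2. sca-token
    library name: /opt/sca/lib/libsca-pkcs11.so
     slots: 1 slot attached
    status: loaded

  3. extra-module
    library name: /tmp/libextra.so
     slots: 1 slot attached
    status: loaded
-----------------------------------------------------------
EOF
}

# Reports only extra-module, whose library is not in the allowlist.
sample_modutil_list | audit_modules "/opt/sca/lib/libsca-pkcs11.so"
```

Against a real store, pipe the output of the modutil -list command shown above into audit_modules in place of the sample function.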
Using Network Security Services (NSS) Tools
Chapter 9 Configuring Security 119