Listing Keys and Certificates | Sun Microsystems 820433510 specs

Using Hardware Crypto Accelerator With Enterprise Server

Listing Keys and Certificates

■To list the keys and certificates in the configured PKCS#11 tokens, run the following command:

certutil -L -d AS_NSS_DB [-h tokenname]

For example, to list the contents of the default NSS soft token, type:

certutil -L -d AS_NSS_DB

The standard output will be similar to the following:

verisignc1g1T,c,c

verisignc1g2T,c,c

verisignc1g3T,c,c

verisignc2g3T,c,c

verisignsecureserver T,c,c

verisignc2g1T,c,c

verisignc2g2T,c,c

verisignc3g1T,c,c

verisignc3g2T,c,c

verisignc3g3T,c,c

s1as

u,u,u

The output displays the name of the token in the left column and a set of three trust attributes in the right column. For Enterprise Server certificates, it is usually T,c,c. Unlike the J2SE java.security.KeyStore API, which contains only one level of trust, the NSS technology contains several levels of trust. Enterprise Server is primarily interested in the first trust attribute, which describes how this token uses SSL. For this attribute:

T indicates that the Certificate Authority (CA) is trusted for issuing client certificates. u indicates that you can use the certificates (and keys) for authentication or signing. The attribute combination of u,u,u indicates that a private key exists in the database.

■To list the contents of the hardware token, mytoken, run the following command:

certutil -L -d AS_NSS_DB -h mytoken

You will be prompted for the password for the hardware token. The standard output is similar to the following:

Enter Password or Pin for "mytoken":

mytoken:Server-Cert

u,u,u

Chapter 9 • Configuring Security

123

Image 123

Sun Microsystems 820433510 manual Listing Keys and Certificates, Standard output will be similar to the following

Contents

Sun Microsystems, Inc Network Circle Santa Clara, CA Sun GlassFish Enterprise Server 2.1 Administration Guide 090122@21808 Contents Jdbc Resources Java Business Integration Foreign JMS Providers Accessing Remote ServersConfiguring JMS Provider Properties IBM Informix Type 4 Driver CloudScape 5.1 Type 4 Driver Web and EJB Containers Configuring Security 127 153 141149 Virtual Servers 149 Http Listeners 150 163 What is the ORB? 162 Iiop Listeners158 161 219 About Management Rules 215 Configuring Management Rules 216Tuning the JVM Settings 219 215 244 Asadmin UtilityProfiler and SSL Commands 231Page Figures Page JVM Statistics for Java SE Runtime 189 Tables Deployment Commands 239 Remote Commands Required Options 234Server Lifecycle Commands 237 List and Status Commands 238 Examples Page Preface Sun GlassFish Enterprise Server Documentation SetTable P-1Books in the Enterprise Server Documentation Set Table P-2Default Paths and File Names Default Paths and File Names Table P-3Typographic Conventions Symbol ConventionsSymbol Conventions Typographic Conventions Documentation, Support, and Training Third-Party Web Site ReferencesSun Welcomes Your Comments This section contains the following topics Enterprise Server OverviewEnterprise Server Overview and Concepts Enterprise Server Overview Http//hostnameport Tools for AdministrationAdmin Console For example Command-line Interface asadmin Utility To list the commands available within asadminJConsole Domain Administration Server DAS Enterprise Server ConceptsDomain Usage Profiles 1Features Available for Each Profile Features Available for Each Profile ClusterNode Agent 1Enterprise Server Instance Server Instance 2Enterprise Server Listeners that Use Ports Ports in the Enterprise Server Basic Enterprise Server Commands Creating a DomainHttp//hostname5000 Deleting a Domain Listing DomainsStarting the Domain Restarting the Domain Starting the Default Domain on WindowsStopping the Default Domain on Windows Stopping the Domain Starting a Node Agent Starting a ClusterStopping a Cluster Creating a Node Agent Restarting an Instance Stopping a Node AgentStarting an Instance Stopping an Instance To migrate the DAS Recreating the Domain Administration Server Change Page JBI Components Service EnginesJava Business Integration JBI Environment JBI Component Loggers Binding Components Service Assemblies JBI Descriptors Shared Libraries Jdbc Resources Jdbc Resources How Jdbc Resources and Connection Pools Work Together Jdbc Connection Pools Setting Up Database Access Creating a Jdbc Connection Pool Working with Jdbc Connection Pools Click OK Editing a Jdbc Connection Pool Change connection validation settings By calling the con.getAutoCommit and con.getMetaData methods Editing Jdbc Connection Pool Advanced Attributes Creation Retry Attempts is greater than Configurations for Specific Jdbc Drivers Configurations for Specific Jdbc Drivers DataSource Classname Specify one of the following Java DB Type 4 Driver DataSource Classname com.sun.sql.jdbcx.db2.DB2DataSource Sun GlassFish Jdbc Driver for DB2 Databases Sun GlassFish Jdbc Driver for Microsoft SQL Server Databases DataSource ClassnameSpecify one of the following IBM DB2 8.1 Type 2 DriverDataSource Classname com.ibm.db2.jcc.DB2SimpleDataSource DeferPrepares Set to false MySQL Type 4 Driver Inet Oraxo Jdbc Driver for Oracle 8.1.7 and 9.x DatabasesCom.mysql.jdbc.jdbc2.optional.MysqlDataSource Jdbcinetoralocalhost1521payrolldb Inet Merlia Jdbc Driver for Microsoft SQL Server DatabasesDataSource Classname com.inet.ora.OraDataSource DataSource Classname com.inet.tds.TdsDataSource DataSource Classname com.inet.syb.SybDataSource Inet Sybelux Jdbc Driver for Sybase Databases OCI Oracle Type 2 Driver for Oracle 8.1.7 Databases Jdbcoraclethin@localhost1521customerdbJdbcoracleoci@localhost1521customerdb IBM Informix Type 4 Driver CloudScape 5.1 Type 4 DriverDataSource Classname com.ibm.db2.jcc.DB2DataSource Page JMS Resources Configuring Java Message Service Resources Relationship Between JMS Resources and Connector Resources JMS Connection Factories JMS Destination ResourcesJMS Physical Destinations Configuring JMS Provider Properties Foreign JMS Providers Accessing Remote Servers Resource Adapter Properties Configuring the Generic Resource Adapter False Foreign JMS Providers ManagedConnectionFactory Properties Activation Spec Properties Administered Object Resource Properties Configuring Java Message Service Resources Message causes a runtime exception Creating a JavaMail Session Configuring JavaMail Resources Creating a JavaMail Session Jndi Resources Java EE Naming Services Naming References and Binding Information Using Custom Resources Using External Jndi Repositories and Resources1JNDI Lookups and Their Associated References Using External Jndi Repositories and Resources An Overview of Connectors Connector Resources Managing Connector Connection Pools To Create a Connector Connection PoolSpecify this name when creating a connector resource Create-connector-connection-pool To Edit a Connector Connection Pool Same transaction level as that specified in resource To Edit Connector Connection Pool Advanced Attributes Pool. Default value is false To Edit Connection Pool Properties To Delete a Connector Connection PoolTo create security maps for connector connection pools To Edit Security Maps for Connector Connection Pools Delete-connector-connection-pool Managing Connector ResourcesTo Set Up EIS Access To Create a Connector Resource To Edit a Connector Resource To Delete a Connector ResourceCreate-connector-resource Managing Administered Object Resources To Configure the Connector ServiceDelete-connector-resource To Create an Administered Object Resource Delete-admin-object To Edit an Administered Object ResourceTo Delete an Administered Object Resource Create-admin-object SIP Servlet Container Web and EJB Containers Editing the Properties of the SIP Container Editing SIP Container General AttributesEditing SIP Container Session Properties Web Container EJB ContainerEditing SIP Container Session Manager Properties Page Understanding Application and System Security Configuring Security Tools for Managing Security Asadmin create-password-alias --user admin jms-password Managing Security of PasswordsEncrypting a Password in the domain.xml File Asadmin create-password-alias --user admin alias-name Restart the Enterprise Server Protecting Files with Encoded PasswordsChanging the Master Password Restart the Enterprise Server for the relevant domain Working with the Master Password and Keystores Changing the Admin Password About Authentication and Authorization Authenticating Entities1Enterprise Server Authentication Methods Authorizing Users Specifying Jacc ProvidersVerifying Single Sign-On Understanding Users, Groups, Roles, and Realms Configuring Message Security Groups Users Realms Roles Create a Jdbc realm To Configure a Jdbc Realm for a Web, EJB Application Introduction to Certificates and SSL About Digital CertificatesFollowing topics are discussed in this section About Certificate Chains About Secure Sockets Layer About Ciphers Using Name-based Virtual Hosts About Certificate Files About Firewalls Using Java Secure Socket Extension Jsse Tools Using the keytool UtilityChanging the Location of Certificate Files Delete a certificate from a keystore of type JKS Display certificate information from a keystore of type JKS Generating a Certificate Using thekeytool Utility Certificate was added to keystore Saving cacerts.jks Deleting a Certificate Using thekeytool Utility Using Network Security Services NSS Tools Storepass passwordKeytool -delete Certutil -L -d $CERTDBDIR Using the certutil UtilityVerify the certificates generated in the previous bullet Display available certificates Move a certificate from an NSS database to JKS format Delete a certificate from an NSS certificate database List available token modules in an NSS store Modutil -list -dbdir $admin.domain.dir/$admin.domain/configAdd a new PKCS11 module or token Delete a PKCS11 module from an NSS store About Configuring Hardware Crypto Accelerators Using Hardware Crypto Accelerator With Enterprise Server Configuring PKCS#11 Tokens Standard output will look similar to the followingModutil -list -dbdir Asnssdb This section describes the following topics Managing Keys And Certificates Standard output will be similar to the following Listing Keys and Certificates Configuring J2SE 5.0 PKCS#11 Providers Configuration for the SCA 1000 hardware acceleratorWorking With Private Keys and Certificates Name=HW1000 Library=/opt/SUNWconn/crypto/lib/libpkcs11.so Property name=mytoken value=&InstallDir/mypkcs11.cfg 126 Overview of Message Security Configuring Message Security System Administrator Understanding Message Security in the Enterprise ServerAssigning Message Security Responsibilities Application Deployer Application DeveloperAbout Username Tokens About Digital Signatures About EncryptionAbout Message Protection Policies Response Policy Glossary of Message Security Terminology Securing a Web Service Configuring the Enterprise Server for Message Security Configuring Application-Specific Web Services SecuritySecuring the Sample Application Actions of Request and Response Policy Configurations Configuring Other Security Facilities Configuring a JCE ProviderAfter You Finish Security.provider.1=sun.security.provider.Sun Save and close the file Enabling Providers for Message Security Message Security Setup Configuring the Message Security Provider To specify the default server providerTo specify the default client provider Enabling Message Security for Application Clients Creating a Message Security Provider Response-policy Further Information Configuring the Diagnostic Service What is the Diagnostic Framework?Diagnostic Service Framework Generating a Diagnostic Report What is a Transaction? TransactionsAbout Transactions Transactions in Java EE Technology What is a Transaction? on Configuring Transactions on Workarounds for Specific Databases Admin Console Tasks for TransactionsConfiguring Transactions This section explains how to configure transaction settings Set any needed properties To set a transaction timeout value To set the location of the transaction logs To set the keypoint interval Default value is Virtual Servers Configuring the Http Service Http Listeners Configuring the Http Service 151 152 Overview of Web Services Managing Web Services Java EE Web Service Standards Web Services Standards Deploying Web Services Deploying and Testing Web Services Web Services Security Using Web Services RegistriesViewing Deployed Web Services Testing Web Services Adding a Registry Publishing a Web Service to a Registry Transforming Messages with Xslt Filters Monitoring Web Services Monitoring Web Service Messages Viewing Web Service Statistics 160 An Overview of the Object Request Broker Configuring the Object Request Broker Iiop Listeners Configuring the ORBWhat is the ORB? Managing Iiop Listeners Thread Pools Working with Thread Pools Configuring Logging About LoggingLog Records 1Enterprise Server Logger Namespaces Logger Namespace Hierarchy JTS Enterprise Server Logger Namespaces Configuring Logging Configuring General Logging SettingsConfiguring Log Levels Viewing Server Logs 171000.000Details ThreadID=13 Monitoring Components and Services About MonitoringMonitoring in the Enterprise Server Following sections describe these sub-trees Overview of MonitoringAbout the Tree Structure of Monitorable Objects Applications Tree Http Service Tree Connector Service Tree JMS Service TreeResources Tree Orb Connection-managers Connection-manager-1 About Statistics for Monitored Components and ServicesORB Tree Thread Pool Tree 1EJB Statistics EJB Container Statistics 3EJB Session Store Statistics 2EJB Method Statistics EJB Session Store Statistics 5EJB Cache Statistics 4EJB Pool Statistics 6Timer Statistics Web Container Statistics7Web Container Servlet Statistics 8Web Container Web Module Statistics Http Service Statistics Jdbc Connection Pools Statistics 9HTTP Service Statistics Developer Profile 10JDBC Connection Pool Statistics 11Connector Connection Pool Statistics JMS/Connector Service Statistics 12Connector Work Management Statistics Statistics for Connection Managers in an ORB13Connection Manager in an ORB Statistics 14Thread Pool Statistics Transaction Service Statistics15Transaction Service Statistics Thread Pools Statistics 17JVM Statistics for Java SE- Class Loading 15 Transaction Service StatisticsJava Virtual Machine JVM Statistics JVM Statistics 18JVM Statistics for Java SE- Compilation 19JVM Statistics for Java SE- Garbage Collection20JVM Statistics for Java SE- Memory Following table 21JVM Statistics for Java SE Operating System22JVM Statistics for Java SE Runtime 23JVM Statistics for Java SE Thread Info 24JVM Statistics for Java SE Threads Enabling and Disabling Monitoring Configuring Monitoring Levels Using the Admin Console To Configure Monitoring Levels Using asadminReturns Viewing Monitoring Data Viewing Monitoring Data in the Admin ConsoleViewing Monitoring Data With the asadmin Tool To Use the asadmin monitor Command to View Monitoring Data 531628032 45940736 Understanding and Specifying Dotted Names Command returns the following attributes and dataAsadmin get --user adminuser --monitor server.jvm Server.http-service Server.applications.petstore Examples of the list and get Commands Asadmin list --user admin-user--monitor server.applications Examples for the list --user admin-user --monitor CommandExamples for the get --user admin-user --monitor Command Asadmin list --user admin-user--monitor server Attempt to get all attributes from a Java EE application Asadmin get --user admin-user--monitor server.jvm Returns output will be similar to Asadmin get --user admin-user--monitor server.jvm.badnameTo Use the PetStore Example Attempt to get a specific attribute from a subsystem Server.http-service Server.resources Server.thread-pools Asadmin list -m server.applications.petstore.signon-ejbjarReturns with dotted name removed for space considerations Monitoring Components and Services 201 Expected Output for list and get Commands at All Levels Applications Level Top Level Application has been deployed. It is not applicable if a Monitoring Components and Services 205 List -m Server.applications.app1 29Thread-Pools Level 28HTTP-Service Level 31Transaction-Service Level Resources LevelORB Level Using JConsole LevelJVM Level Securing JConsole to Application Server Connection Connecting JConsole to Application Server Prerequisites for Connecting JConsole to Application Server Connecting JConsole Securely to Application Server Monitoring Components and Services 213 214 About Management Rules Configuring Management Rules Configuring Management Rules Configuring Management Rules 217 218 Tuning the JVM Settings Java Virtual Machine and Advanced Settings Configuring Advanced Settings Automatically Restarting a Domain or Node Agent Restarting Automatically on SolarisThis Appendix contains the following topics Restarting Automatically on Solaris Restarting Automatically on the Microsoft Windows Platform Creating a Windows Service Start= auto DisplayName= display-name Process name=as-service-name Sysproperty key=-Xrs Security for Automatic RestartsJvm-options-Xrs/jvm-options 226 Top Level Elements Dotted Name Attributes for domain.xml Top Level Elements Elements Not Aliased Elements Not Aliased 230 Asadmin Utility Asadmin Utility Appendix C The asadmin Utility 233 Table C-1Remote Commands Required Options Common Options for Remote Commands Prefix followed by the password name in uppercase letters Multimode Command Get, Set, and List Commands Table C-2Server Lifecycle Commands Server Lifecycle Commands List and Status Commands Table C-2 Server Lifecycle CommandsTable C-3List and Status Commands Table C-4Deployment Commands Deployment Commands Table C-6Message Queue Commands Version CommandsMessage Queue Administration Commands Table C-5Version Commands Table C-7Resource Management Commands Resource Management Commands Table C-7 Resource Management Commands Table C-8IIOP Listener Commands Configuration CommandsHttp and Iiop Listener Commands Lifecycle and Audit Module Commands Table C-10Profiler and SSL Commands Profiler and SSL CommandsJVM Options and Virtual Server Commands Table C-9Lifecycle Module Commands Table C-12Threadpool and Auth-Realm Commands Threadpool and Auth-Realm CommandsTransaction and Timer Commands Table C-11JVM Options and Virtual Server Commands Table C-14Transaction Commands User Management CommandsRegistry Commands Table C-13Transaction Commands Rules and Monitoring Commands Database CommandsTable C-16Rules and Monitoring Commands Table C-18Diagnostic and Logging Commands Diagnostic and Logging CommandsWeb Service Commands Table C-17Database Commands Table C-20Security Commands Security Service Commands Table C-21Password Commands Password Commands Verify Command Custom MBean CommandsService Command Table C-25Property Command Property Command ACC Index JMS Logging ORB 256