smdefca Command

Purpose

Defines an internal certificate authority.

Syntax

smdefca ca_name -o organization -c country_code -d pub_dir [ -e mm/dd/yyyy ]

Description

The smdefca command is used to define an internal CA (Certificate Authority). When you define a CA, the following files are generated:

/usr/websm/security/SM.caprivkr
    This is the CA private key ring that includes the CA private key and the CA certificate. It is created root protected and password encrypted.
SMpubkr.class (created in the specified pub_dir)
    The public key ring file.

If a CA is already defined on the current machine, the smundefca command must be used first to unconfigure it.

Use the /usr/websm/bin/wsm command to access the graphical interface. The fast path is wsm system.

Flags

ca_name
    A name that uniquely defines your CA. The machine's full TCP/IP name with some additional serial number might be a good choice. If you ever redefine a CA, it is recommended that you use a different name in order to identify which CA, by name, is used by each server and client.

    Note: Do not set the CA name to be exactly the machine's full TCP/IP name. Doing so breaks the SMGate utility, should you want to use it to manage this machine from a remote browser.

-o organization
    Organization name (required for the CA certificate).
-c country_code
    Two-letter ISO country code (required for the CA certificate).
-d pub_dir
    The output directory for the public key ring file SMpubkr.class.
-e mm/dd/yyyy
    Expiration date for the CA certificate. The default expiration date is four years from the date of issuing the command.

Examples

smdefca IBMCA1 -o IBM -c US -d /usr/websm/security/tmp -e 12/31/1999 
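
The argument rules from the Flags section can be checked before smdefca is run. The following is an added example, not part of the original command documentation or IBM's code; the function name smdefca_check and the convention of passing the machine's full TCP/IP name as the first argument are assumptions made for illustration.

```shell
# Pre-flight validation of smdefca arguments (added example, not IBM code).
# Usage: smdefca_check fqdn ca_name organization country_code pub_dir [mm/dd/yyyy]
#   fqdn is the machine's full TCP/IP name, supplied by the caller (assumption).
# On success prints the smdefca command line for review and returns 0.
smdefca_check() {
    fqdn=$1 ca=$2 org=$3 cc=$4 dir=$5 exp=${6:-}
    rc=0
    [ -n "$ca" ] || { echo "ca_name is required" >&2; rc=1; }
    # Note in the Flags section: ca_name must not be exactly the full TCP/IP name.
    if [ "$ca" = "$fqdn" ]; then
        echo "ca_name equals the full TCP/IP name (breaks SMGate)" >&2; rc=1
    fi
    [ -n "$org" ] || { echo "-o organization is required" >&2; rc=1; }
    # -c takes a two-letter ISO country code.
    case $cc in
        [A-Za-z][A-Za-z]) ;;
        *) echo "-c must be a two-letter country code" >&2; rc=1 ;;
    esac
    # -d must name an existing directory for SMpubkr.class.
    [ -d "$dir" ] || { echo "-d $dir is not a directory" >&2; rc=1; }
    # -e is optional; when given it must be mm/dd/yyyy with month and day in range.
    if [ -n "$exp" ]; then
        case $exp in
            [0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9])
                mm=${exp%%/*}; rest=${exp#*/}; dd=${rest%%/*}
                if [ "$mm" -lt 1 ] || [ "$mm" -gt 12 ] ||
                   [ "$dd" -lt 1 ] || [ "$dd" -gt 31 ]; then
                    echo "-e month or day out of range" >&2; rc=1
                fi ;;
            *) echo "-e must be mm/dd/yyyy" >&2; rc=1 ;;
        esac
    fi
    [ "$rc" -eq 0 ] || return 1
    echo "smdefca $ca -o $org -c $cc -d $dir${exp:+ -e $exp}"
}
```

The function only validates and prints; it does not call smdefca itself, so the printed line can be reviewed before it is run as root.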

Files

Item                                 Description
/usr/websm/security/SMpubkr.class    CA public key ring file.
/usr/websm/security/SMCa.log         Lists detailed information on all operations executed by the CA.
/usr/websm/security/SMCa.sn          Certificate number file.
/usr/websm/security/SM.caprivkr      Certificate private key ring file.