smdefca Command
Purpose
Defines an internal certificate authority.
Syntax
smdefca ca_name -o organization -c country_code -d pub_dir [ -e mm/dd/yyyy]
Description
The smdefca command is used to define an internal CA (Certificate Authority. When you define a CA, the following files are generated:
- /usr/websm/security/SM.caprivkr
- This is the CA private key ring that includes the CA private key and the CA certificate. It is created root protected and password encrypted.
- SMpubkr.class (created on the specified pub_dir)
- The public key ring file.
If a CA is already defined on the current machine, the smundefca command must be used first to unconfigure it.
Use the /usr/websm/bin/wsm command to access the graphical interface. The fast path is wsm system.
Flags
Item | Description |
---|---|
ca_name | A name that uniquely defines your CA. The machine full TCP/IP
name with some additional serial number might be a good choice. If
you ever redefine a CA, it is recommended that you use a different
name in order to identify which CA, by name, is used by each server
and client. Note: Do not set the CA name to be exactly the machine's full TCP/IP name (this will break the SMGate utility, in case you want to use it in managing this machine from a remote browser). |
-o organization | Organization name (required for the CA certificate). |
-c country_code | Two-letter ISO country code (required for the CA certificate). |
-d pub_dir | The output directory for the public key ring file SMpubkr.class. |
-e mm/dd/yyyy | Expiration date for the CA certificate. The default expiration date is four years from the date of issuing the command. |
Examples
smdefca IBMCA1 -o IBM -c US -d /usr/websm/security/tmp -e 12/31/1999
Files
Item | Description |
---|---|
/usr/websm/security/SMpubkr.class | CA public key ring file. |
/usr/websm/security/SMCa.log | Lists detailed information on all operations executed by the CA. |
/usr/websm/security/SMCa.sn | Certificate number file. |
/usr/websm/security/SM.caprivkr | Certificate private key ring file. |