Netscape MANAGEMENT SYSTEM 4.5 - COMMAND-LINE Manual

Command-line tools guide

Command-Line Tools Guide
Netscape Certificate Management System
Version 4.5
October 2001

Summary of Contents for Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - COMMAND-LINE

  • Page 1 Command-Line Tools Guide Netscape Certificate Management System Version 4.5 October 2001...
  • Page 2 Netscape Communications Corporation (“Netscape”), a subsidiary of America Online, Inc., and its licensors retain all ownership rights to the software programs offered by Netscape (referred to herein as “Software”) and related documentation. Use of the Software and related documentation is governed by the license agreement accompanying the Software and applicable copyright law. Your right to copy this documentation is limited by copyright law.
  • Page 3: Table Of Contents

    Contents: About This Guide; What You Should Already Know...
  • Page 4 The setpin Command; Command-Line Syntax...
  • Page 5 Chapter 10 Pretty Print CRL Tool; Availability...
  • Page 6 Tips and Techniques; SignTool Syntax and Options...
  • Page 7 Usage; Restricting Ciphers...
  • Page 9: About This Guide

    About This Guide The Command-Line Tools Guide describes various command-line tools or utilities that are bundled with Netscape Certificate Management System (CMS). It provides the information required to use these tools, such as the command syntax, platform support, and examples. This preface has the following sections: •...
  • Page 10: What's In This Guide

    What’s in This Guide • Understand the concepts of intranet, extranet, and the Internet security and the role of digital certificates in a secure enterprise. These include the following topics: Encryption and decryption Public keys, private keys, and symmetric keys Significance of key lengths Digital signatures Digital certificates, including various types of digital certificates...
  • Page 11: Conventions Used In This Guide

    Conventions Used in This Guide • Chapter 5, “Extension Joiner Tool” Describes how to use the tool for joining MIME-64 encoded formats of certificate extensions to create a single blob. • Chapter 7, “ASCII to Binary Tool” Describes how to use the tool for converting ASCII data to its binary equivalent.
  • Page 12 Conventions Used in This Guide • Italic—Italic type is used for emphasis, book titles, and glossary terms. Example: This control depends on the access permissions the superadministrator has set up for you. • Text within “quotation marks”—Indicates cross-references to other topics within this guide.
  • Page 13: Where To Go For Related Information

    Where to Go for Related Information This section summarizes the documentation that ships with Certificate Management System, using these conventions: • <server_root> is the directory where the CMS binaries are kept (specified during installation). •...
  • Page 14 Where to Go for Related Information To view the HTML version of this guide, open this file: <server_root>/manual/en/cert/tools_guide/contents.htm To view the PDF version of this guide, open this file: <server_root>/manual/en/cert/pdf/cms45tools.pdf • CMS Customization Guide Provides detailed reference information on customizing the HTML-based agent and end-entity interfaces.
  • Page 15: Chapter 1 Command-Line Tools

    Chapter 1 Command-Line Tools Netscape Certificate Management System (CMS) is bundled with various command-line utilities. This chapter summarizes these utilities and provides pointers to chapters that further explain them. Table 1-1 summarizes the command-line utilities that are bundled with Certificate Management System.
  • Page 16 Table 1-1 Summary of command-line utilities (Continued). Utility/Tool and Function: killproc (Kill Process Tool): Kills or terminates system processes in Windows NT. For details, see Chapter 3, “Kill Process Tool.” setpin (PIN Generator tool): Generates PINs for end users for directory- and PIN-based authentication. For details, see Chapter 4, “PIN Generator Tool.” Digitally signs any file, including log files.
  • Page 17 Table 1-1 Summary of command-line utilities (Continued). Utility/Tool and Function: bin/cert/tools/unzip: Decompression utility executable. bin/cert/tools/zip: Compression utility executable. install/perl: perl scripting language executable. The AtoB, BtoA, PrettyPrintCert, PrettyPrintCrl, and dumpasn1 tools are useful for converting back and forth between various encodings and formats you may encounter when dealing with keys and certificates.
  • Page 19: Chapter 2 Password Cache Utility

    Chapter 2 Password Cache Utility During the installation of Netscape Certificate Management System (CMS), the watchdog stores all the passwords required by the server for starting up—such as passwords for the internal or external tokens, the bind password used by Certificate Management System to access and update the internal database, the bind password used by Certificate Management System to access and update the LDAP directory used for authentication or publishing—in a password cache.
  • Page 20: Syntax

    Syntax You can run the utility by executing the following command from the <server_root>/cert-<instance_id> directory: PasswordCache <sso_password> <command> where <sso_password> specifies the current single sign-on password and <command> can be any of the following: list, add <password_name> <password>, change <password_name> <password>, delete <password_name>...
  • Page 21: Changing The Single Sign-On Password

    Usage The sections that follow explain how you can accomplish the above-mentioned tasks. NOTE The server queries the password cache only during startup, and hence recognizes the changes you’ve made to the cache only if you restart the server from the command line. If you left any of the passwords blank, the server will prompt you to enter that during startup and from then on stores it in the password cache.
  • Page 22: Adding A New Entry To The Password Cache

    Usage In response, you should see something similar to this: ----- Password Cache ----- Internal LDAP Database : myIdbPwd Internal Key Storage Token : myTokenPwd LDAP Publishing: myLdapPubPwd Adding a New Entry to the Password Cache To add a new entry to the cache: Open a command window.
  • Page 23: Deleting An Entry From The Password Cache

    Usage At the prompt, enter the command below, substituting <sso_password> with the single sign-on password, <password_name> with the string that describes the password usage, and <password> with the new password: PasswordCache <sso_password> change <password_name> <password> For example, if your single sign-on password is mySsoPwd, the string describing the password usage is...
  • Page 24: Creating A New Password Cache

    Usage Creating a New Password Cache If you have changed CMS startup so that the server prompts for all the required passwords, instead of just the single sign-on password, and want to revert back to starting the server with a single sign-on password, you must create a new password cache.
  • Page 25: Chapter 3 Kill Process Tool

    Chapter 3 Kill Process Tool If an error causes Netscape Certificate Management System (CMS) to become unresponsive, and all attempts to stop it from Netscape Console fail, it may be necessary to kill the server processes manually. This chapter describes the killproc utility, which enables you to terminate CMS processes manually.
  • Page 26: Usage

    Usage Usage If an error causes Certificate Management System to become unresponsive, and all attempts to stop it from Netscape Console fail, it may be necessary to kill the server processes manually. The processes that should be killed are identified as follows: •...
  • Page 27: Chapter 4 Pin Generator Tool

    Chapter 4 PIN Generator Tool For Netscape Certificate Management System (CMS) to use the authentication plug-in module named UidPwdPinDirAuth, your authentication directory must contain unique PINs for each end entity to whom you intend to issue a certificate. To aid you in generating PINs for end-entity entries in a directory, Certificate Management System provides a command-line tool called the PIN Generator.
  • Page 28: The Setpin Command

    The setpin Command You run the PIN Generator by entering the setpin command and its arguments in a command shell and monitoring the output in the shell window. This section gives the syntax for the setpin command and its arguments. For instructions on generating PINs and storing them in your authentication directory, see section “Configuring Authentication for End-User Enrollment”...
  • Page 29 The setpin Command <port_number> specifies the TCP/IP port to bind to; the default port number is the default LDAP port, 389. • [certdb=<path> nickname=<certificate_nickname> | "binddn=<user_id>" bindpw=<bind_password> [SSL=yes | no]] Use this argument to specify how the tool should connect to the directory: whether to use basic authentication, SSL, or SSL with client authentication.
  • Page 30 The setpin Command • [attribute=<attribute_name_for_pins>] Use this argument to specify the authentication directory attribute to which PINs should be published. If you don’t specify an attribute, it defaults to the new attribute added to the authentication directory schema. • ["filter=<LDAP_search_filter>"] Use this argument to filter those DNs in the directory for which the tool should generate PINs.
  • Page 31 The setpin Command • [hash=sha1 | md5 | none] Use this argument to specify the message digest algorithm the tool should use to hash the PINs before storing them in the authentication directory. If you want to store PINs as SHA-1 or MD5 hashed values in the directory, be sure to specify an output file for storing PINs in plain text.
  • Page 32: Example

    How the Tool Works If you don’t specify this argument, the DN of the user is used. For details, see “How PINs Are Stored in the Directory” on page 37. • [debug] Use this argument to specify whether the tool should write debugging information (to the standard error).
  • Page 33 How the Tool Works For example: setpin host=laiking port=19000 "binddn=CN=Directory Manager" bindpw=netscape "filter=(ou=employees)" basedn=o=siroe.com This command, if run, will query the directory for all the entries that match the filter criteria, which in this case is all users belonging to an organizational unit (ou) called employees.
  • Page 34 How the Tool Works Examples of output follow: Processing: cn=QA Managers,ou=employees,o=siroe.com Adding new pin/password dn:cn=QA Managers,ou=employees,o=siroe.com pin:lDWynV status:notwritten Processing: cn=PD Managers,ou=employees,o=siroe.com Adding new pin/password dn:cn=PD Managers,ou=employees,o=siroe.com pin:G69uV7 status:notwritten Because the PIN Generator makes a lot of changes to your directory, it is important that you specify the correct filter;...
  • Page 35: Input File

    How the Tool Works If a PIN already exists for a user, it will by default not be changed if you run the setpin command a second time. This is so that you can generate PINs for new users without overwriting PINs for users who have previously been notified of their PINs.
  • Page 36: Output File

    How the Tool Works For example, you can set up your input file to look like this: dn:cn=user1, o=siroe.com <blank line> dn:cn=user2, o=siroe.com <blank line> dn:cn=user3, o=siroe.com You can also provide PINs, in plain-text format, for the DNs in the input file, which is then hashed according to the command-line arguments.
  • Page 37: How Pins Are Stored In The Directory

    How the Tool Works dn: <user_dn>2 pin: <generated_pin>2 status: <status>2 <blank line> dn: <user_dn>n pin: <generated_pin>n status: <status>n <blank line> where <user_dn> is a distinguished name that matched the specified DN pattern (specified by the DN filter) or that was in the input file (the DN file). By default, the delimiter is "...
  • Page 38: Exit Codes

    How the Tool Works byte[1...] = hash("DN"+"pin") The PIN is stored in the directory as a binary value, not as a base-64 encoded value. Exit Codes The PIN Generator returns exit codes to the shell window; for a list of codes, see Table 4-2.
  • Page 39: Chapter 5 Extension Joiner Tool

    Chapter 5 Extension Joiner Tool Netscape Certificate Management System (CMS) provides many policy plug-in modules that enable you to add standard and custom X.509 certificate extensions to end-entity certificates the server issues. Similarly, the wizard that helps you generate the certificates required by the Certificate Manager, Registration Manager, and Data Recovery Manager enables you to select extensions that you want to include in the certificates.
  • Page 40: Location

    Location The ExtJoiner program is located with the rest of the command-line tools in this directory: <server_root>/bin/cert/tools Syntax To run the ExtJoiner tool, type the following command: java ExtJoiner <ext_file0> <ext_file1> ... <ext_fileN> where <ext_file> specifies the path, including the filename, to files that contain...
  • Page 41 Usage Verify that the extensions are joined correctly before adding them to a certificate request. To do this, first you’ll need to convert the binary data to ASCII format using the AtoB utility and then verify the binary data by dumping the contents of the base-64 encoded blob using the utility.
  • Page 43: Chapter 6 Backing Up And Restoring Data

    Chapter 6 Backing Up and Restoring Data This chapter explains how to back up the Netscape Certificate Management System (CMS) data and configuration information and how to use the backups to restore data if there is a need. The chapter has the following sections: •...
  • Page 44: Backing Up Data

    Backing Up Data The backup and restore tools are simple Perl scripts; most Perl programmers should find no difficulty in customizing or extending them. Read this chapter to familiarize yourself with how the scripts work as well as their capabilities and limitations.
  • Page 45 Backing Up Data • Copies non-CMS certificate and key databases and shared files • Copies files required to configure the Netscape Console and Administration Server • Backs up the configuration directory server using that server’s db2bak backup utility (if the server is running locally) •...
  • Page 46: What The Backup Tool Does Not Do

    Backing Up Data These CMS global and local class files are Java classes for custom plug-ins used by CMS servers. To back up this data, all files and subdirectories in the following directories are backed up: • <server_root>/bin/cert/classes • <server_root>/cert-<instance_id>/classes The CMS user interface files and templates are the files used to create the forms end entities and agents use to interact with CMS servers.
  • Page 47: Running The Backup Tool

    Backing Up Data The following is a list of items which may be part of your overall CMS deployment, but which are not backed up by cmsbackup • Other instances of CMS servers in the same server root Each instance has a copy of the cmsbackup script that backs up only data related to that instance.
  • Page 48: After You Finish A Backup

    Backing Up Data Change to the CMS server instance directory in the server root. For example, if your server root is /usr/netscape/server4 and the instance ID of the server you want to back up is cmsinstance: # cd /usr/netscape/server4/cert-cmsinstance Execute the backup script: either cmsbackup on UNIX or cmsbackup.bat...
  • Page 49: Restoring Data

    Restoring Data The purpose of creating backup archives, of course, is to allow you to restore a previous state of the CMS server instance after a hardware or software failure corrupts your current state. The restore tool allows you to recover all or part of the configuration that was backed up.
  • Page 50: Running The Restore Tool

    Restoring Data • During configuration, you still need to create new keys and certificates for any servers that use the internal token. You only need to create these keys to complete the configuration process. Your signing, SSL, or DRM transport certificates will be restored (replacing whatever you create during the new configuration) when you run the restore script.
  • Page 51 Restoring Data Execute the restore script: either cmsrestore on UNIX or cmsrestore.bat on Windows NT systems. You can either provide the <archive_path> as an argument or use the automatic argument (to read the archive path from logs/latest_backup): # ./cmsrestore <archive_path> | automatic For example, # ./cmsrestore \ /var/tmp/CMS_cmsdemo_BACKUP-19991115093827.zip...
  • Page 52 Restoring Data After you answer the questions, the Administration Server is stopped, the data restored from the archive, and the server is started again. If necessary, you will be prompted to enter a password to start the Administration Server. Next you are asked if you want to restore the CMS internal database directory server.
  • Page 53: Chapter 7 Ascii To Binary Tool

    Chapter 7 ASCII to Binary Tool You can use the ASCII to Binary tool to convert ASCII base-64 encoded data to binary base-64 encoded data. This chapter has the following sections: • Availability (page 53) • Syntax (page 53) • Example (page 54) Availability This tool is available for AIX 4.3, OSF/1 v4.0D, Solaris 2.6 (SunOS 5.6), Solaris 8,...
  • Page 54: Example

    Example AtoB.bat C:\test\data.in C:\test\data.out The above command takes the base-64 encoded data (in ASCII format) in the file named data.in and writes the binary equivalent of the data to the file named data.out.
  • Page 55: Chapter 8 Binary To Ascii Tool

    Chapter 8 Binary to ASCII Tool You can use the Binary to ASCII tool to convert binary base-64 encoded data to ASCII base-64 encoded data. The chapter has the following sections: • Availability (page 55) • Syntax (page 55) • Example (page 56) Availability This tool is available for AIX 4.3, OSF/1 v4.0D, Solaris 2.6 (SunOS 5.6), Solaris 8,...
  • Page 56: Example

    Example BtoA.bat C:\test\data.in C:\test\data.out The above command takes the base-64 encoded data (in binary format) in the file named data.in and writes the ASCII equivalent of the data to the file named data.out.
  • Page 57: Chapter 9 Pretty Print Certificate Tool

    Chapter 9 Pretty Print Certificate Tool You can use the Pretty Print Certificate tool to print the contents of a certificate stored as ASCII base-64 encoded data in a human-readable form. The chapter has the following sections: • Availability (page 57) •...
  • Page 58: Example

    Example PrettyPrintCert.bat C:\test\cert.in C:\test\cert.out The above command takes the base-64 encoded certificate in the file cert.in and writes the certificate in the pretty-print form to the output file named cert.out. The base-64 encoded certificate (content of the cert.in file) would look similar to this: -----BEGIN CERTIFICATE-----...
  • Page 59 Example F3:4D:97:B9:DF:B7:60:B3:00:03:16:8E:C1:F8:17:6E: 7A:D2:00:0F:7D:9B:A2:69:35:18:70:1C:7C:AE:12:2F: 0B:0F:EC:69:CD:57:6F:85:F3:3E:9D:43:64:EF:0D:5F: EF:40:FF:A6:68:FD:DD:02:03:01:00:01: Extensions: Identifier: 2.16.840.1.113730.1.1 Critical: no Value: 03:02:00:A0: Identifier: Authority Key Identifier - 2.5.29.35 Critical: no Key Identifier: EB:B5:11:8F:00:9A:1A:A6:6E:52:94:A9:74:BC:65:CF: 07:89:2A:23: Signature: Algorithm: OID.1.2.840.113549.1.1.5 - 1.2.840.113549.1.1.5 Signature: 3E:8A:A9:9B:D1:71:EE:37:0D:1F:A0:C1:00:17:53:26: 6F:EE:28:15:20:74:F6:C5:4F:B4:E7:95:3C:A2:6A:74: 92:3C:07:A8:39:12:1B:7E:C4:C7:AE:79:C8:D8:FF:1F: D5:48:D8:2E:DD:87:88:69:D5:3A:06:CA:CA:9C:9A:55: DA:A9:E8:BF:36:BC:68:6D:1F:2B:1C:26:62:7C:75:27: E2:8D:24:4A:14:9C:92:C6:F0:7A:05:A1:52:D7:CC:7D: E0:9D:6C:D8:97:3A:9C:12:8C:25:48:7F:51:59:BE:3C: 2B:30:BF:EB:0A:45:7D:A6:49:FB:E7:BE:04:05:D6:8F: Chapter 9 Pretty Print Certificate Tool...
  • Page 61: Chapter 10 Pretty Print Crl Tool

    Chapter 10 Pretty Print CRL Tool You can use the Pretty Print CRL tool to print the contents of a CRL stored as ASCII base-64-encoded data in a human-readable form. The chapter has the following sections: • Availability (page 61) •...
  • Page 62: Example

    Example PrettyPrintCrl.bat C:\test\crl.in C:\test\crl.out The above command takes the base-64 encoded CRL in the file crl.in and writes the CRL in the pretty-print form to the output file named crl.out. The base-64 encoded CRL (content of the crl.in file) would look similar to this: -----BEGIN CRL----- MIIBkjCBAIBATANBgkqhkiG9w0BAQQFADAsMREwDwYDVQQKEwhOZXRzY2FwZTEXMBUG...
  • Page 63 Example Serial Number: 0x11 Revocation Date: Wednesday, December 16, 1998 4:51:54 AM Extensions: Identifier: Revocation Reason - 2.5.29.21 Critical: no Reason: Key_Compromise Serial Number: 0x10 Revocation Date: Thursday, December 17, 1998 2:37:24 AM Extensions: Identifier: Revocation Reason - 2.5.29.21 Critical: no Reason: Affiliation_Changed Serial Number: 0xA Revocation Date: Wednesday, November 25, 1998 5:11:18 AM...
  • Page 65: Chapter 11 Certificate Database Tool

    Chapter 11 Certificate Database Tool Certificate Database Tool is a command-line utility that can create the certificate database file (cert7.db) for Certificate Management System. The utility can also list, generate, modify, or delete certificates within the file. Certificate database management tasks are part of a process that typically also involves managing key databases (key3.db files).
  • Page 66: Syntax

    Syntax To run Certificate Database Tool, type the following command: certutil option [arguments] where options and arguments are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments. To see a usage string, issue the command without options, or with the option.
  • Page 67 Syntax Table 11-1 Command options and their arguments Display a list of the options and arguments used by Certificate Database Tool. Argument Use ASCII format or allow the use of ASCII format for input or output. This formatting follows RFC #1113. For certificate requests, ASCII output defaults to standard output unless redirected.
  • Page 68 Syntax Table 11-1 Command options and their arguments Display detailed information when validating a certificate with the -V option. serial-number Assign a unique serial number to a certificate being created. This operation should be performed by a CA. The default serial number is 0 (zero). Serial numbers are limited to integers.
  • Page 69 Syntax Table 11-1 Command options and their arguments certusage Specify a usage context to apply when validating a certificate with the -V option. The contexts are the following: C (as an SSL client) V (as an SSL server) S (as an email signer) R (as an email recipient) valid-months Set the number of months a new certificate will be valid.
  • Page 70: Usage

    Usage Table 11-1 Command options and their arguments Add an authority key ID extension to a certificate that is being created or added to a database. This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate.
  • Page 71: Examples

    Examples • Adding a certificate to an existing database: certname trustargs tokenname certdir -A -n ] [-d ] [-a] cert-request-file • Listing all certificates or a named certificate: certname certdir -L [-n ] [-d ] [-r] [-a] • Validating a certificate: certname validity-time certusage...
  • Page 72: Listing Certificates In A Database

    Examples Listing Certificates in a Database This example lists all the certificates in the cert7.db file in the specified directory: certutil -L -d certdir Certificate Database Tool displays output similar to the following: Certificate Name Trust Attributes Uptime Group Plc. Class 1 CA C,C, VeriSign Class 1 Primary CA VeriSign Class 2 Primary CA...
  • Page 73: Creating A Certificate

    Examples Before it creates the request file, Certificate Database Tool prompts you for a password: Enter Password or Pin for "Communicator Certificate DB": Creating a Certificate A valid certificate must be issued by a trusted CA. If a CA key pair is not available, you can create a self-signed certificate (for purposes of illustration) with the argument.
  • Page 74: Validating A Certificate

    Examples Not Before: Thu Mar 12 00:10:40 1998 Not After: Sat Sep 12 00:10:40 1998 Subject: CN=John Smith, O=Netscape, L=Mountain View, ST=California, C=US Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: 00:da:53:23:58:00:91:6a:d1:a2:39:26:2f:06:3a: 38:eb:d4:c1:54:a3:62:00:b9:f0:7f:d6:00:76:aa: 18:da:6b:79:71:5b:d9:8a:82:24:07:ed:49:5b:33: bf:c5:79:7c:f6:22:a7:18:66:9f:ab:2d:33:03:ec: 63:eb:9d:0d:02:1b:da:32:ae:6c:d4:40:95:9f:b3:...
  • Page 75 Examples Certificate Database Tool shows results similar to Certificate:’jsmith@netscape.com’ is valid. UID=jsmith, E=jsmith@netscape.com, CN=John Smith, O=Netscape Communications Corp., C=US : Expired certificate UID=jsmith, E=jsmith@netscape.com, CN=John Smith, O=Netscape Communications Corp., C=US : Certificate not approved for this operation Chapter 11 Certificate Database Tool...
  • Page 77: Chapter 12 Key Database Tool

    Chapter 12 Key Database Tool Key Database Tool is a command-line utility that can modify the key database file (key3.db) of Netscape Certificate Management System (CMS). You can use the utility to create or change the database password, generate new public and private key pairs, display the contents of the database, or delete key pairs from the database.
  • Page 78: Syntax

    Syntax To run Key Database Tool, type the command keyutil option [arguments] where option and arguments are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments. To see a usage string, issue the command without options, or with the option.
  • Page 79 Syntax Table 12-1 Description of options and arguments (Continued) Delete a private key from a key database. Specify the key to delete with the -k argument. Specify the database from which to delete the key with the -d argument. Use the -t argument to specify explicitly whether to delete a DSA or an RSA key.
  • Page 80: Usage

    Usage Table 12-1 Description of options and arguments (Continued) List DSA as well as RSA keys when listing keys in the key database. pqgfile Read an alternate PQG value from the specified file when generating DSA key pairs. If this argument is not used, Key Database Tool generates its own PQG value.
  • Page 81: Examples

    Examples • Displaying public key information from the database: shortkeyID tokenname -P -k [-t rsa|dsa] [-h keydir password-file ] [-w • Deleting private keys from a key database file: shortkeyID tokenname -D -k [-t rsa|dsa] [-h keydir password-file ] [-w •...
  • Page 82: Generating A New Key

    Examples Generating a New Key This example generates a new key in a key database: keyutil -G -d keydir Key Database Tool then displays the following: ---------------------------------------------------- Netscape Communications Corporation Key Generation -------------------------------------------------------- Welcome to the key generator. With this program, you can generate the public and private keys that you use for secure communications.
  • Page 83: Displaying Public Key Information

    Examples Displaying Public Key Information This example prints the public key’s information: keyutil -P -k e95c -d keydir The public key information appears after you give the correct password: Password: It’s the first key found. RSA Public-Key: modulus: 00:e9:5c:4a:73:74:39:22:6d:c6:da:4e:b3:1f:01:26:9d:be: d1:74:ae:cd:c7:7d:65:f9:1d:31:1f:71:fb:60:d0:45:46:5f: 5a:19:e7:61:1e:e7:ce:9f:4a:13:4e:d6:e9:06:90:2a:ba:bd: 0b:5f:7b:a3:28:21:1e:0f:1c:f4:3a:ba:3a:8f:0b:e1:99:91: cc:e8:fd:17:d2:1c:66:13:6b:95:27:b1:eb:bc:9c:e6:7b:f0:...
  • Page 84: Deleting A Private Key

    Examples Deleting a Private Key This example deletes a private key from the key database: keyutil -D -k e95c -d keydir When you delete keys, be sure to remove any certificates associated with those keys from the certificate database by using the Certificate Database Tool.
  • Page 85: Chapter 13 Netscape Signing Tool

    Chapter 13 Netscape Signing Tool This chapter describes how to use version 1.3 of Netscape Signing Tool (signtool on the command line) to digitally sign software, including binary files intended for distribution via SmartUpdate, Java class files, and JavaScript scripts. Version 1.3 includes all the capabilities of, and is fully compatible with, previous versions of Netscape Signing Tool (.50, .60, 1.0, 1.1, and 1.2).
  • Page 86: What Is Netscape Signing Tool

    Introduction to Netscape Signing Tool • Object-Signing Certificates For a complete introduction to object signing technology, see Netscape Object Signing: Establishing Trust for Downloaded Software at this URL: http://developer.netscape.com/docs/manuals/signedobj/trust/index.ht What Is Netscape Signing Tool? Netscape Signing Tool is a stand-alone command-line tool that creates digital signatures and uses the Java Archive (JAR) format to associate them with files in a directory.
  • Page 87: Jar Format And Jar Archives

    Introduction to Netscape Signing Tool JAR Format and JAR Archives The Java Archive (JAR) format is a set of conventions for associating digital signatures, installer scripts, and other information with files in a directory. Signing tools such as Netscape Signing Tool allow you to sign files using the JAR format and package them as a single JAR file.
  • Page 88: What Signing A File Means

    Introduction to Netscape Signing Tool What Signing a File Means If you have a signing certificate, you can use Netscape Signing Tool to digitally sign files and package them as a JAR file. An object-signing certificate is a special kind of certificate that allows you to associate your digital signature with one or more files.
  • Page 89: Using Netscape Signing Tool

    Using Netscape Signing Tool • CA server software running on your corporate intranet or extranet. Netscape Certificate Management System provides a complete management solution for creating, deploying, and managing certificates, including CAs that issue object-signing certificates. You must also have a certificate for the CA that issues your signing certificate before you can sign files.
  • Page 90: Getting Ready To Use Netscape Signing Tool

    Using Netscape Signing Tool Getting Ready to Use Netscape Signing Tool Before using Netscape Signing Tool, you must have the signtool executable in your path environment variable. You must also have an object-signing certificate. Netscape Signing Tool includes an option that allows you to generate an object-signing certificate for testing purposes.
  • Page 91: Listing Available Certificates

    Using Netscape Signing Tool If you are using Windows 95 or NT, the signtool executable doesn't know where your certificates are, so either put the key3.db and cert7.db files in the current directory and use “ ” or use to point to the directory in which they are located.
  • Page 92: Signing A File

    Using Netscape Signing Tool Verisign Object Signing Cert Issued by: VeriSign, Inc. - Verisign, Inc. Expires: Tue May 19, 1998 test object signing cert Issued by: test object signing cert (Signtool 1.0 Testing Certificate (960187691)) Expires: Sun May 17, 1998 --------------------------------------- For a list including CAs, use "signtool -L"...
  • Page 93: Using Netscape Signing Tool With A Zip Utility

    Using Netscape Signing Tool Test the archive you just created.

        % signtool -v testjar.jar
        using certificate directory: /u/jsmith/.netscape
        archive "testjar.jar" has passed crypto verification.
        status path
        ------------ -------------------
        verified test.f

    You can also use Netscape Signing Tool from within a script to automate some aspects of signing.
  • Page 94 Using Netscape Signing Tool • If you are signing metadata only and not files, you still need to create a blank directory for Netscape Signing Tool to sign. • When using the Windows NT version of Netscape Signing Tool, always use a relative path.
  • Page 95: Signtool Syntax And Options

    SignTool Syntax and Options SignTool Syntax and Options This section summarizes the syntax and options for Netscape Signing Tool 1.3. • Command Syntax • Command Options • Command File Syntax • Command File Keywords and Example Command Syntax To run Netscape Signing Tool, type signtool options where options can be any sequence of the options listed in this chapter.
  • Page 96 SignTool Syntax and Options Table 13-1 Description of options Specifies the compression level for the -J or -Z option. The symbol # represents a number from 0 to 9, where 0 means no compression and 9 means maximum compression. The higher the level of compression, the smaller the output but the longer the operation takes.
  • Page 97 SignTool Syntax and Options Table 13-1 Description of options -k key ... directory Specifies the nickname (key) of the certificate you want to sign with and signs the files in the specified directory. The directory to sign is always specified as the last command-line argument.
  • Page 98 SignTool Syntax and Options Table 13-1 Description of options Signs a directory of HTML files containing JavaScript and creates as many archive files as are specified in the HTML tags. Even if signtool creates more than one archive file, you need to supply the key database password only once. The -J option is available only in Netscape Signing Tool 1.0 and later versions.
  • Page 99 SignTool Syntax and Options Table 13-1 Description of options Lists the PKCS #11 modules available to signtool, including smart cards. The -M option is available in Netscape Signing Tool 1.0 and later versions only. For information on using Netscape Signing Tool with smart cards, see “Using Netscape Signing Tool with Smart Cards”...
  • Page 100: Command File Syntax

    SignTool Syntax and Options Table 13-1 Description of options Tells signtool not to store the signing time in the digital signature. This option is useful if you want the expiration date of the signature checked against the current date and time rather than the time the files were signed. -Z jarfile Creates a JAR file with the specified name.
  • Page 101 SignTool Syntax and Options Keyword Value Same as -j option. javascriptdir Same as -J option. htmldir Nickname of certificate, as with -k and -l -k options. certname The directory to be signed, as with -k option. signdir Same as -l option. Value is ignored, but = sign must be list present.
  • Page 102: Generating Test Object-Signing Certificates

    Generating Test Object-Signing Certificates where somefile contains the following lines:

        certdir=c:\netscape\users\james
        certname=mycert
        jarfile=myjar.jar
        signdir=signdir
        outfile=output.txt

    Generating Test Object-Signing Certificates Netscape Signing Tool allows you to create object-signing certificates for testing purposes. This section describes how to create and use such test certificates. Unlike certificates normally used to sign finished code to be distributed over a network, the test certificates created with Netscape Signing Tool are not signed by a recognized certificate authority.
  • Page 103 Generating Test Object-Signing Certificates Warning If you intend to install the new key pair and certificate in the Communicator databases, you must exit Communicator before using Netscape Signing Tool to generate the object-signing certificate. Otherwise, you risk corrupting your certificate and key databases. Certificates contain standard information about the entity they identify, such as the common name and organization name.
  • Page 104: Using Netscape Signing Tool With Smart Cards

    Using Netscape Signing Tool with Smart Cards Using Netscape Signing Tool with Smart Cards This section describes how to use smart cards from within Netscape Signing Tool to digitally sign files. • What Is a Smart Card? • Setting Up a Smart Card •...
  • Page 105 Using Netscape Signing Tool with Smart Cards Click Cryptographic Modules in the left frame. Click the Add button. Type an appropriate name for the module you want to add in the box labeled Security Module Name. Type the name of the driver that was supplied with your smart card in the box labeled Security Module File.
  • Page 106: Using The -M Option To List Smart Cards

    Using Netscape Signing Tool with Smart Cards Using the -M Option to List Smart Cards You can use the -M option to list the PKCS #11 modules, including smart cards, that are available to signtool:

        % signtool -d "c:\netscape\users\jsmith" -M
        using certificate directory: c:\netscape\users\<username>
        Listing of PKCS11 modules
        -----------------------------------------------
        1.
  • Page 107: Netscape Signing Tool And Fips-140-1

    Netscape Signing Tool and FIPS-140-1 To see fully qualified certificate names when you run Communicator, click the Security button in Navigator, then click Yours under Certificates in the left frame. Fully qualified names are of the format smart card:certificate, for example "...
  • Page 108: Verifying Fips Mode

    Netscape Signing Tool and FIPS-140-1 After switching the Navigator cryptographic module to FIPS mode, you have two choices: • Use the same security module database from Netscape Signing Tool (by specifying the same directory with the option). • Make a copy of Communicator's security module database and place it in Netscape Signing Tool's database directory.
  • Page 109: Answers To Common Questions

    Answers to Common Questions Answers to Common Questions This section answers the most common technical questions regarding Netscape Signing Tool. Netscape Signing Tool, or Communicator, fails to report the presence of a particular certificate in the database, even though that certificate should be there.
  • Page 110 Answers to Common Questions Click Import a Certificate and give the database password. Select a certificate file to open and give the certificate’s password. Repeat steps 9 and 10 for each certificate to be re-imported. The certificate needed to sign an object is in the certificate database, but Netscape Signing Tool’s options report “Unable to find issuer certificate”...
  • Page 111 Answers to Common Questions Click the Security Info button on Communicator’s toolbar. Click Yours under Certificates and select a certificate to rename. Click Export and save a PKCS #12 copy of the certificate to a safe location (if no copy already exists). This copy is needed if replacement fails. Click Delete and remove the certificate from the certificate database.
  • Page 112 Answers to Common Questions Although certificates expire, valid signatures do not. Signature validation is based on the date of the signature rather than the time verification occurs. If a certificate chain was valid at signing, Communicator will continue to recognize that signature even after certificates in that chain expire.
  • Page 113: Chapter 14 Ssl Debugging Tool

    Chapter 14 SSL Debugging Tool SSL Debugging Tool is an SSL-aware command-line proxy. It watches TCP connections and displays the data going by. If a connection is SSL, the data display includes interpreted SSL records and handshaking information. This chapter has the following sections: •...
  • Page 114: Syntax

    Syntax The tool cannot and does not decrypt any encrypted message data. You use the tool to look at the plain text and binary data that are part of the handshake procedure, before the secure connection is established. Syntax To run SSL Debugging Tool, type this command in a command shell: port] hostname:port ssltap -vhfsxl...
  • Page 115: Examples

    Examples Table 14-1 Description of command options Turn on looping; that is, continue to accept connections rather than stopping after the first connection is complete. Change the default rendezvous port (1924) to another port. The following are well-known port -p port numbers: HTTP 80 HTTPS 443...
  • Page 116: Example 1

    Examples The raw data stream is sent to standard output and is not interpreted in any way. This can result in peculiar effects, such as sounds, flashes, and even crashes of the command shell window. To output a basic, printable interpretation of the data, use option, or, if you are looking at an SSL connection, the option.
  • Page 117 Examples (0x000006) SSL3/RSA/RC2CBC40/MD5 session-id = { } challenge = { 0xec5d 0x8edb 0x37c9 0xb5c9 0x7b70 0x8fe9 0xd1d3 0x2592 } <-- [ SSLRecord { 0: 16 03 00 03 |..type = 22 (handshake) version = { 3,0 } length = 997 (0x3e5) handshake { 0: 02 00 00 46 |...F...
  • Page 118 Examples type = 12 (server_key_exchange) length = 202 (0x0000ca) 0: 0e 00 00 00 |..type = 14 (server_hello_done) length = 0 (0x000000) --> [ SSLRecord { 0: 16 03 00 00 |..D type = 22 (handshake) version = { 3,0 } length = 68 (0x44) handshake {...
  • Page 119 Examples <-- [ SSLRecord { 0: 16 03 00 00 |..8 type = 22 (handshake) version = { 3,0 } length = 56 (0x38) < encrypted > --> [ SSLRecord { 0: 17 03 00 01 |..type = 23 (application_data) version = { 3,0 } length = 287 (0x11f)
  • Page 120: Example 2

    Examples Example 2 The -s option turns on SSL parsing. Because the option is not used in this example, undecoded values are output as raw data. The output is routed to a text file. Command ssltap.exe -s -p 444 interzone.mcom.com:443 > s.txt Output Connected to interzone.mcom.com:443 -->...
  • Page 121 Examples server_version = {3, 0} random = {...} session ID = { length = 32 contents = {..} cipher_suite = (0x0003) SSL3/RSA/RC4-40/MD5 type = 11 (certificate) length = 709 (0x0002c5) CertificateChain { chainlength = 706 (0x02c2) Certificate { size = 703 (0x02bf) data = { saved in file ’cert.001’...
  • Page 122 Examples length = 56 (0x38) < encrypted > <-- [ SSLRecord { type = 20 (change_cipher_spec) version = { 3,0 } length = 1 (0x1) <-- [ SSLRecord { type = 22 (handshake) version = { 3,0 } length = 56 (0x38) <...
  • Page 123: Example 3

    Examples < encrypted > Server socket closed. Example 3 In this example, the -h option turns on hex/ASCII format. There is no SSL parsing or decoding. The output is routed to a text file. Command ssltap.exe -h -p 444 interzone.mcom.com:443 > h.txt Output Connected to interzone.mcom.com:443 -->...
  • Page 124: Example 4

    Examples Example 4 In this example, the -s option turns on SSL parsing, and the -h option turns on hex/ASCII format. Both formats are shown for each record. The output is routed to a text file. Command ssltap.exe -hs -p 444 interzone.mcom.com:443 > hs.txt Output Connected to interzone.mcom.com:443 -->...
  • Page 125: Usage Tips

    Usage Tips Usage Tips • When SSL restarts a previous session, it makes use of cached information to do a partial handshake. If you wish to capture a full SSL handshake, restart the browser to clear the session id cache. •...
  • Page 127: Chapter 15 Ssl Strength Tool

    Chapter 15 SSL Strength Tool SSL Strength Tool is a command-line tool that connects to an SSL server and reports back the encryption cipher and strength used for the connection. This chapter has the following sections: • Availability (page 127) •...
  • Page 128: Options And Arguments

    Usage This form of the command returns a list of the possible ciphers. A letter in the first column of the output is the code used by the ciphers= option. Pass any number of cipher codes to the ciphers= argument to identify the cipher preferences. Options and Arguments The SSL Strength Tool command options and their arguments are defined as...
  • Page 129: Restricting Ciphers

    Usage When you issue the sslstrength command, the tool first prints the list of ciphers enabled on the client. It then connects to an SSL server and reports back the following information: • The bulk encryption algorithm selected • The key size selected •...
  • Page 130: Examples

    Examples A connection that steps up starts out with 40-bit encryption, then, upon encountering a change-cipher-spec handshake, changes to 128-bit encryption. To check whether a client has stepped up correctly upon encountering a step-up certificate, check that it is using export policy, and that the secret key size is 128 bits.
  • Page 131: Example 2

    Examples Subject: CN=myhost.netscape.com, OU=E-Store Merchant Server, O=Netscape Communications Corp., L=Mountain View, ST=California, C=US Valid: from Fri Oct 02, 1998 to Sat Oct 02, 1999 Example 2 This example shows output from a command that limits the client to three ciphers. sslstrength myhost.netscape.com ciphers=jkl Using domestic policy...
  • Page 132 Examples SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5 (ssl2) SSL_RSA_WITH_RC4_128_MD5 (ssl3) Yes Step-up only SSL_RSA_WITH_3DES_EDE_CBC_SHA (ssl3) Yes Step-up only SSL_RSA_EXPORT_WITH_RC4_40_MD5 (ssl3) SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (ssl3) SSL_RSA_WITH_NULL_MD5 (ssl3) SSL Connection Status Cipher: RC4-40 Key Size: Secret Key Size: 40 Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US Subject: CN=myhost.netscape.com, OU=E-Store Merchant Server, O=Netscape Communications Corp., L=Mountain View, ST=California,...
  • Page 133: Chapter 16 Security Module Database Tool

    Chapter 16 Security Module Database Tool The Security Module Database Tool is a command-line utility for managing PKCS #11 module information within secmod.db files or within hardware tokens. You can use the tool to add and delete PKCS #11 modules, change passwords, set defaults, list module contents, enable or disable slots, enable or disable FIPS-140-1 compliance, and assign default providers for cryptographic operations.
  • Page 134: Syntax

    Syntax Syntax To run the Security Module Database Tool, type the command modutil option [arguments] where option and [arguments] are combinations of the options and arguments listed in the following section. Each command takes one option. Each option may take zero or more arguments.
  • Page 135 Syntax Table 16-1 Options and Arguments for modutil Change the password on the named token. If the token has not been initialized, -changepw tokenname this option initializes the password. Use this option with the -pwfile and -newpwfile arguments. In this context, the term “password” is equivalent to a personal identification number (PIN).
  • Page 136 Syntax Table 16-1 Options and Arguments for modutil Specify the security mechanisms for which a particular module will be flagged -mechanisms as a default provider. The mechanism-list is a colon-delimited list of mechanism mechanism-list names. Enclose this list in quotation marks if it contains spaces. The module becomes a default provider for the listed mechanisms when those mechanisms are enabled.
  • Page 137: Usage

    Usage Usage The Security Module Database Tool’s capabilities are grouped as follows, using these combinations of options and arguments. The options and arguments in square brackets are optional, those without square brackets are required. • Creating a set of security management database files ( , and key3.db cert7.db...
  • Page 138: Jar Installation File

    JAR Installation File • Disabling a specific slot or all slots within a module: -disable modulename [-slot slotname] • Enabling or disabling FIPS-140-1 compliance within the Netscape Communicator internal module: -fips [true | false] • Disabling interactive prompts for the Security Module Database Tool, to support scripted operation: -force JAR Installation File...
  • Page 139: Script Grammar

    JAR Installation File win32/setup.hlp { RelativePath { %temp%/setup.hlp } win32/setup.cab { RelativePath { %temp%/setup.cab } WIN95::x86 { EquivalentPlatform {WINNT::x86} SUNOS:5.5.1:sparc { ModuleName { "Fortezza UNIX Module" } ModuleFile { unix/fort.so } DefaultMechanismFlags{0x0001} CipherEnableFlags{0x0001} Files { unix/fort.so { RelativePath{%root%/lib/fort.so} AbsolutePath{/usr/local/netscape/lib/fort.so} FilePermissions{555} xplat/instr.html { RelativePath{%root%/docs/inst.html} AbsolutePath{/usr/local/netscape/docs/inst.html}...
  • Page 140: Keys

    Keys key_value_pair --> key { valuelist } key --> string string --> simple_string " complex_string " simple_string --> [^ \t\n\""{""}"]+ (No whitespace, quotes, or braces.) complex_string --> ([^\"\\\r\n]|(\\\")|(\\\\))+ (Quotes and backslashes must be escaped with a backslash. A complex string must not include newlines or carriage returns.) Outside of complex strings, all white space (for example, spaces, tabs, and carriage returns) is considered equal and is used only to delimit tokens.
  • Page 141 Keys Platforms (required) Gives a list of platforms. Each entry in the list is itself a key-value pair: the key is the name of the platform and the value list contains various attributes of the platform. The ModuleName, ModuleFile, and Files attributes must be specified for each platform unless an EquivalentPlatform attribute is specified.
  • Page 142: Per-Platform Keys

    Keys Per-Platform Keys These keys have meaning only within the value list of an entry in the Platforms list. Description (required) Gives the common name for the module. This name will be used ModuleName to reference the module from Netscape Communicator, the Security Module Database tool (modutil), servers, or any other...
  • Page 143: Per-File Keys

    Keys Specifies mechanisms for which this module will be a default provider. DefaultMechanismFlags This key-value pair is a bitstring specified in hexadecimal (0x) format. It is constructed as a bitwise OR of the following constants. If the DefaultMechanismFlags entry is omitted, the value defaults to 0x0. RSA: 0x00000001 DSA:...
  • Page 144: Examples

    Examples Specifies the destination directory of the file, relative to some directory RelativePath decided at install time. Two variables can be used in the relative path: "%root%" and "%temp%". "%root%" is replaced at run time with the directory relative to which files should be installed; for example, it may be the server’s root directory or the Netscape Communicator root directory.
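The script grammar and the Platforms, EquivalentPlatform, Files, RelativePath and AbsolutePath keys described above can be exercised with a small parser that lists where a JAR installation script would write files for a given platform, which is useful when reviewing a module package before running modutil -jar. This is an added example, not code from the manual or from Netscape: the function names are hypothetical, the sample script is constructed from the fragments shown on this page, and the rule that a value is either a string or a nested key { valuelist } pair is an assumption inferred from those fragments.

```python
import re

# Token rules from the grammar above: braces, complex_string (quoted, with
# \" and \\ escapes, no CR/LF) and simple_string (no whitespace, quotes, braces).
TOKEN = re.compile(r'''
    \s+                                          # whitespace only delimits tokens
  | (?P<lbrace>\{) | (?P<rbrace>\})
  | "(?P<complex>(?:[^"\\\r\n]|\\"|\\\\)+)"      # complex_string
  | (?P<simple>[^\s"{}]+)                        # simple_string
''', re.VERBOSE)

def tokenize(text):
    pos, out = 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad token at offset {pos}")
        pos = m.end()
        if m.lastgroup == "complex":   # strip the backslash escapes
            out.append(("str", re.sub(r'\\(["\\])', r'\1', m.group("complex"))))
        elif m.lastgroup == "simple":
            out.append(("str", m.group("simple")))
        elif m.lastgroup:              # lbrace / rbrace
            out.append((m.lastgroup, m.group()))
    return out

def parse_valuelist(tokens, i=0, depth=0):
    """Return (items, next_index); an item is a string or (key, [items])."""
    items = []
    while i < len(tokens):
        kind, text = tokens[i]
        if kind == "rbrace":
            if depth == 0:
                raise ValueError("unbalanced '}'")
            return items, i + 1
        if kind == "lbrace":
            raise ValueError("'{' without a key")
        if i + 1 < len(tokens) and tokens[i + 1][0] == "lbrace":
            sub, i = parse_valuelist(tokens, i + 2, depth + 1)
            items.append((text, sub))          # key { valuelist }
        else:
            items.append(text)                 # bare string value
            i += 1
    if depth:
        raise ValueError("missing '}'")
    return items, i

def pairs(items):
    return {it[0]: it[1] for it in items if isinstance(it, tuple)}

def install_targets(script, platform):
    """Resolve EquivalentPlatform, then list (source, key, destination)."""
    tree, _ = parse_valuelist(tokenize(script))
    platforms = pairs(pairs(tree)["Platforms"])
    seen = set()
    while True:
        if platform in seen:
            raise ValueError("EquivalentPlatform loop")
        seen.add(platform)
        attrs = pairs(platforms[platform])
        if "EquivalentPlatform" not in attrs:
            break
        platform = attrs["EquivalentPlatform"][0]
    targets = []
    for src, file_attrs in pairs(attrs.get("Files", [])).items():
        f = pairs(file_attrs)
        targets += [(src, k, f[k][0]) for k in ("RelativePath", "AbsolutePath") if k in f]
    return platform, targets

# Constructed sample, modelled on the script fragments shown on this page.
SAMPLE = r'''
Platforms {
  WINNT::x86 { ModuleName { "Fortezza Module" } ModuleFile { win32/fort32.dll }
    Files { win32/setup.hlp { RelativePath { %temp%/setup.hlp } } } }
  WIN95::x86 { EquivalentPlatform {WINNT::x86} }
  SUNOS:5.5.1:sparc { ModuleName { "Fortezza UNIX Module" } ModuleFile { unix/fort.so }
    Files { unix/fort.so { RelativePath{%root%/lib/fort.so}
        AbsolutePath{/usr/local/netscape/lib/fort.so} FilePermissions{555} } } }
}
'''

if __name__ == "__main__":
    for name in ("WIN95::x86", "SUNOS:5.5.1:sparc"):
        print(name, "->", install_targets(SAMPLE, name))
```
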
  • Page 145: Creating Database Files

    Examples • Enabling a Slot • Enabling FIPS Compliance • Adding a Cryptographic Module • Installing a Cryptographic Module from a JAR File • Changing the Password on a Token Creating Database Files This example creates a set of security management database files in the specified directory: modutil -create -dbdir c:\databases The Security Module Database Tool displays a warning:...
  • Page 146: Setting A Default Provider

    Examples PKCS #11 Version 2.0 Library Version: 4.0 Cipher Enable Flags: None Default Mechanism Flags: RSA:DSA:RC2:RC4:DES:SHA1:MD5:MD2 Slot: Communicator Internal Cryptographic Services Version 4.0 Manufacturer: Netscape Communications Corp Type: Software Version Number: 4.1 Firmware Version: 0.0 Status: Enabled Token Name: Communicator Generic Crypto Svcs Token Manufacturer: Netscape Communications Corp Token Model: Libsec 4.0 Token Serial Number: 0000000000000000...
  • Page 147: Enabling A Slot

    Examples The Security Module Database Tool displays a warning: WARNING: Performing this operation while a Netscape product is running could cause corruption of your security databases. If a Netscape product is currently running, you should exit the product before continuing this operation. Type 'q <enter>' to abort, or <enter>...
  • Page 148: Adding A Cryptographic Module

    Examples After you press Enter, the tool displays the following: FIPS mode enabled. Adding a Cryptographic Module This example adds a new cryptographic module to the database: C:\modutil> modutil -dbdir "C:\databases" -add "Cryptorific Module" -libfile "C:\winnt\system32\crypto.dll" -mechanisms RSA:DSA:RC2:RANDOM The Security Module Database Tool displays a warning: WARNING: Performing this operation while a Netscape product is running could cause corruption of your security databases.
  • Page 149 Examples Win95::x86 { EquivalentPlatform { Winnt::x86 } To install from the script, use the following command. The root directory should be the Windows root directory (for example, , or c:\\windows c:\\winnt C:\modutil> modutil -dbdir "c:\databases" -jar install.jar -installdir "C:/winnt" The Security Module Database Tool displays a warning: WARNING: Performing this operation while a Netscape product is running could cause corruption of your security databases.
  • Page 150: Changing The Password On A Token

    Examples Installed file setup.exe to ./pk11inst.dir/setup.exe Executing "./pk11inst.dir/setup.exe"... "./pk11inst.dir/setup.exe" executed successfully Installed module "Cryptorific Module" into module database Installation completed successfully C:\modutil> Changing the Password on a Token This example changes the password for a token on an existing module. C:\modutil>...
