[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 5

smdefca Command

Purpose

Defines an internal certificate authority.

Syntax

smdefca ca_name -o organization -c country_code -d pub_dir [ -e mm/dd/yyyy]

Description

The smdefca command is used to define an internal CA (Certificate Authority) for Web-based System Manager servers and clients on the current machine. When you define a Web-based System Manager-CA, the following files are generated:

/usr/websm/security/SM.caprivkr
This is the CA private key ring that includes the CA private key and the CA certificate. This is the most sensitive file from the aspect of Web-based System Manager security. It is created root protected and password encrypted.
SMpubkr.class (created on the specified pub_dir)
The public key ring file. This file has to be distributed to each Web-based System Manager client (for application mode) and server (for applet mode) and should be placed in /usr/websm/codebase.

If a CA is already defined on the current machine, the smundefca command must be used first to unconfigure it.

Use the /usr/websm/bin/wsm command to access the graphical interface. The fast path is wsm system.

Flags

ca_name A name that uniquely defines your Web-based System Manager-CA. The machine full TCP/IP name with some additional serial number might be a good choice. If you ever redefine a CA, it is recommended that you use a different name in order to identify which CA, by name, is used by each server and client.

Note: Do not set the CA name to be exactly the machine's full TCP/IP name (this will break the SMGate utility, in case you want to use it in managing this machine from a remote browser).
-o organization Organization name (required for the CA certificate).
-c country_code Two-letter ISO country code (required for the CA certificate).
-d pub_dir The output directory for the public key ring file SMpubkr.class.
-e mm/dd/yyyy Expiration date for the CA certificate. The default expiration date is four years from the date of issuing the command.

Examples

smdefca IBMCA1 -o IBM -c US -d /usr/websm/security/tmp -e 12/31/1999 

Files

/usr/websm/security/SMpubkr.class CA public key ring file.
/usr/websm/security/SMCa.log Lists detailed information on all operations executed by the CA.
/usr/websm/security/SMCa.sn Certificate number file.
/usr/websm/security/SM.caprivkr Certificate private key ring file.

Related Information

The smcaprop, smexpcacert, smimpcacert, smlistcerts, smsigncert, and the smundefca command.

For information on installing the Web-based System Manager, see Chapter 2: Installation and System Requirements in AIX 5L Version 5.2 Web-based System Manager Administration Guide.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]