Red Hat NETSCAPE DIRECTORY SERVER 6.01 Guida di Configurazione

Command-Line Tools GuideNetscape Certificate Management SystemVersion 6.01May 2002

WheretoGoforRelatedInformation10 Netscape Certificate Management System Command-Line Tools Guide • May 2002• []—Square brackets enclose commands that

Where to Go for Related InformationAbout This Guide 11• <instance_id> is the ID for this instance of Certificate Management System(specified dur

WheretoGoforRelatedInformation12 Netscape Certificate Management System Command-Line Tools Guide • May 2002•End-EntityHelpProvides detailed reference

13Chapter 1Command-Line ToolsNetscape Certificate Management System (CMS) is bundled with variouscommand-line utilities. This c hapter summarizes thes

14 Netscape Certificate Management System Command-Line Tools Guide • May 2002certutil(Certificate and Key Database Tool)View and manipulate the certif

Chapter 1 Command-Line Tools 15The Certificate Database Tool (certutil), Netscape Signing Tool (signtool), SSLDebuggingTool(ssltap), and Security Data

16 Netscape Certificate Management System Command-Line Tools Guide • May 2002If you’re familar with older versions of NSS tools, notice that all Key D

17Chapter 2CMS Upgrade UtilityIf you have a previous installation of Netscape Certificate Management System(Certificate Mana gement System), you can u

Before Upgrading18 Netscape Certificate Management System Command-Line Tools Guide • May 2002Backing Up Your Previous CMS InstanceYou must backup your

Before UpgradingChapter 2 CMS Upgrade Utility 19Creating Your Previous Internal Database File inLDIF FormatAfter locating your previous CMS internal d

Netscape Communications Corporation ("Netscape") andits licensors retain all ownership rights to the software programs offered byNetscape (r

Before Upgrading20 Netscape Certificate Management System Command-Line Tools Guide • May 2002The default file name is time stamped and is of the form&

UpgradingChapter 2 CMS Upgrade Utility 21cd <upgrade_tool>/TxtTo601export SERVER_ROOT=<601_server_root>run.sh <42_txt> > <601_

Upgrading22 Netscape Certificate Management System Command-Line Tools Guide • May 2002• Shutting Down the CMS 6.01 Server• Installing the Old Security

UpgradingChapter 2 CMS Upgrade Utility 23Installing CMS 4.2 or 4.5 Security DatabasesInstallyourpreviousCMS4.2or4.5securitydatabasesbycopyingthemtoyou

Upgrading24 Netscape Certificate Management System Command-Line Tools Guide • May 2002Installing the Old Internal DatabaseTo install your old internal

After UpgradingChapter 2 CMS Upgrade Utility 25./start-slapdcd <601_server_root>/cert-<instance_id>./start-certAfter UpgradingAfter upgrad

After Upgrading26 Netscape Certificate Management System Command-Line Tools Guide • May 2002

27Chapter 3Password Cache UtilityDuring the installation of Netscape Certificate Management System (CMS), theinstallation daemon stores all the passw

Syntax28 Netscape Certificate Management System Command-Line Tools Guide • May 2002SyntaxTo run the utility, execute the following command from the<

UsageChapter 3 Password Cache Utility 29• Changing the password associated with an entry• Deleting an entry in the cacheThe sections that follow expla

3ContentsAboutThisGuide... 7WhatYouShouldAlreadyKnow ...

Usage30 Netscape Certificate Management System Command-Line Tools Guide • May 20023. At the prompt, enter the command below, substituting the variable

UsageChapter 3 Password Cache Utility 31Deleting an Entry From the Password CacheTo delete an entry from the cache:1. Open a command window.2. Go to t

Usage32 Netscape Certificate Management System Command-Line Tools Guide • May 2002

33Chapter 4PIN Generator ToolFor Netscape Certificate Management System (CMS) to use the authenticationplug-in module namedUidPwdPinDirAuth your authe

The setpin Command34 Netscape Certificate Management System Command-Line Tools Guide • May 2002The setpin CommandYou run the PIN Generator by entering

The setpin CommandChapter 4 PIN Generator Tool 35• ["binddn=<user_id>" bindpw=<bind_password>]<user_id> specifies the user

The setpin Command36 Netscape Certificate Management System Command-Line Tools Guide • May 2002• [gen=RNG-alpha | RNG-alphanum | RNG-printableascii]Us

The setpin CommandChapter 4 PIN Generator Tool 37For example, if you want to check PINs—that the PINs are being given to thecorrect users and that the

How the Tool Works38 Netscape Certificate Management System Command-Line Tools Guide • May 2002How the Tool WorksThe Pin Generator allows you to gener

How the Tool WorksChapter 4 PIN Generator Tool 39Figure 4-1 Using an input and output file for the PIN-generation processExamples of output follow :Pr

4 Netscape Certificate Management System Command-Line Tools Guide • May 2002StartingUptheCMS6.01Server...

How the Tool Works40 Netscape Certificate Management System Command-Line Tools Guide • May 2002The output also contains the status of each entry in th

How the Tool WorksChapter 4 PIN Generator Tool 41• Assume that you have set PINs for all entries in the user directory. Two newusers joined your organ

How the Tool Works42 Netscape Certificate Management System Command-Line Tools Guide • May 2002Output FileThe PIN Generator can capture the output to

How the Tool WorksChapter 4 PIN Generator Tool 43How PINs Are Stored in the DirectoryEach PIN is concatenated with the corresponding user's LDAP

How the Tool Works44 Netscape Certificate Management System Command-Line Tools Guide • May 20027 Indicates an error parsing command-line arguments.8 I

45Chapter 5Extension Joiner ToolNetscape Certificate Management System (CMS) provi des many policy plug-inmodules that enable you to add standard and

Location46 Netscape Certificate Management System Command-Line Tools Guide • May 2002LocationThe ExtJoiner program is located with the rest o f the co

UsageChapter 5 Extension Joiner Tool 473. Verify that the extensions are joined correctly before adding them to acertificate request. To do this, firs

Usage48 Netscape Certificate Management System Command-Line Tools Guide • May 2002

49Chapter 6Backing Up and Restoring DataThis chapterexplains howtoback uptheNetscape Certificate Management System(CMS) data and configuration informa

5Chapter 7 ASCIItoBinaryTool... 61Location...

Backing Up Data50 Netscape Certificate Management System Command-Line Tools Guide • May 2002The backup a nd restore tools are simple Perl scripts; mos

Backing Up DataChapter 6 Backing Up and Restoring Data 51• Copies non-CMS certificate and key databases and shared files• Copies files required to con

Backing Up Data52 Netscape Certificate Management System Command-Line Tools Guide • May 2002These CMS global and local class files are Java classes fo

Backing Up DataChapter 6 Backing Up and Restoring Data 53What the Backup Tool Does Not DoThe cmsbackup script backs up only configuration and data rel

Backing Up Data54 Netscape Certificate Management System Command-Line Tools Guide • May 2002• There is pl enty of disk space in the output di rectory;

Restoring DataChapter 6 Backing Up and Restoring Data 55Move the zip archive to another machine or removable medium. If possible,encrypt the archive (

Restoring Data56 Netscape Certificate Management System Command-Line Tools Guide • May 2002You cannot restore data to a CMS instance that has not been

Restoring DataChapter 6 Backing Up and Restoring Data 57Running the Restore ToolTo run cmsrestore:1. Log in to the machine where the CMS instance you

Restoring Data58 Netscape Certificate Management System Command-Line Tools Guide • May 2002If you answer no, no Administration Server data will be res

Restoring DataChapter 6 Backing Up and Restoring Data 59After you answer these questions, the tool stops the CMS server, restores thedata, then restar

6 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Restoring Data60 Netscape Certificate Management System Command-Line Tools Guide • May 2002

61Chapter 7ASCII to Binary ToolYou can use the ASCII to Binary tool to convert ASCII base-64 encoded data tobinary base-64 encoded data.This chapter h

Example62 Netscape Certificate Management System Command-Line Tools Guide • May 2002ExampleAtoB.bat C:\test\data.in C:\test\data.outThe above command

63Chapter 8Binary to ASCII ToolYou can use the Binary to ASCII tool to convert binary base-64 encoded data toASCII base-64 encoded data.The chapter ha

Example64 Netscape Certificate Management System Command-Line Tools Guide • May 2002ExampleBtoA.bat C:\test\data.in C:\test\data.outThe above command

65Chapter 9Pretty Print Certificate ToolYou can use the Pretty Print Certificate tool to print the contents of a certificatestored as ASCII base-64 en

Example66 Netscape Certificate Management System Command-Line Tools Guide • May 2002ExamplePrettyPrintCert.bat C:\test\cert.in C:\test\cert.outThe abo

ExampleChapter 9 Pretty Print Certificate Tool 6731:F2:CA:C9:16:87:B9:AD:B8:39:69:18:CE:29:81:5F:F3:4D:97:B9:DF:B7:60:B3:00:03:16:8E:C1:F8:17:6E:7A:D2

Example68 Netscape Certificate Management System Command-Line Tools Guide • May 2002

69Chapter 10Pretty Print CRL ToolYou can use the Pretty Print CRL tool to print the contents of a CRL stored asASCII base-64-encoded data in a human-r

7About This GuideThe Command-Line Tools Guide describes various command-line tools or utilitiesthatare bundledwith NetscapeCertificate ManagementSyste

Example70 Netscape Certificate Management System Command-Line Tools Guide • May 2002ExamplePrettyPrintCrl.bat C:\test\crl.in C:\test\crl.outThe above

ExampleChapter 10 Pretty Print CRL Tool 71Serial Number: 0x11Revocation Date: Wednesday, December 16, 1998 4:51:54 AMExtensions:Identifier: Revocation

Example72 Netscape Certificate Management System Command-Line Tools Guide • May 2002

Index 73IndexAaddingnew entries to the password cache 29ASCII to Binary tool 61example 62location 61syntax 61BBinary to ASCII tool 63example 64locatio

74 Netscape Certificate Management System Command-Line Tools Guide • May 2002ExtJoiner toolexample 46location 46syntax 46Ffonts used in this book 9Lli

What’s in This Guide8 Netscape Certificate Management System Command-Line Tools Guide • May 2002• Understand the conceptsof intranet, extranet, andthe

Conventions Used in This GuideAbout This Guide 9• Chapter 5, “Extension Joiner Tool” Describes how to use the tool for joiningMIME-64 encoded formats