Manual Pages
Table of Contents
keymgr - key and certificate management
keymgr generate <type> <file_name> <attributes>
keymgr install <type> <path_name>
keymgr install key <path_name> <PASSWORD>
keymgr list <type>
keymgr view <type> <file_name>
keymgr delete <type> <file_name>
<type>
- csr
- certificate signing request
- cert
- user certificate
- root
- root certificate
- key
- key file
<attributes>
- KeyLen
- Key length in bits (default
1024)
- KeyFile
- File name of private key
- Common
- Common name (such as the
machine name)
- Country
- Country name
- State
- State name
- Locality
- Locality name (such as the
City name)
Organization Organization name (such as
Company)
- Unit
- Organization unit name
keymgr manages private keys, certificate signing requests,
user certificates, and root certificates for Filer.
A private key is a mathematical value of an asymmetric key
pair that is not shared with trading partners. A private
key works in conjunction with the public key to encrypt
and decrypt data.
A certificate signing request (CSR) is an unsigned certificate
for submission to a Certification Authority (CA),
which signs it with the Private Key of their CA Certificate.
Once a CSR is signed, it becomes a user certificate.
A user certificate is a digital ID. It is signed and
issued by a certification authority. It contains a unique
name, a serial number, expiration dates, a public key and
the digital signature of the certificate-issuing authority.
keymgr generate command can be used to generate a private
key, a certificate signing request, a self signed user
certificate, or a root certificate.
keymgr install command can be used to install a private
key, a user certificate, or a root certificate on the
Filer. In most cases, a private key is generated on the
same Filer by using the keymgr generate command. However,
private keys can also be generated on a different host,
which may generate better random keys than the Filer. A
user certificate is generally issued as a response to a
certificate signing request and sent back by a CA (via an
out-of-band mechanism such as mail). In order to be able
to verify the peer's user certificates, the system administrator
must install root certificates that sign those
user certificates.
keymgr list command can be used to list all the private
keys, certificate signing requests, user certificates and
root certificates.
keymgr view command can be used to view a certificate
signing request, user certificate or a root certificate.
keymgr delete command can be used to delete a private key,
certificate signing request, user certificate or root certificate.
If the key, user certificate, or root certificate
is currently used by any application, it can not be
deleted.
keymgr generate cert MyCertFile KeyLen = 1024 KeyFile = MyKeyFile Common =
MyFiler Country = US State = CA Local = Sunnyvale Org =
MyCompany Unit = MyGroup
keymgr list cert
keymgr view cert MyCertFile
keymgr install cert /etc/MyCASignedCert.pem
keymgr install key /etc/MyPrivateKey.pem KEY_PASSWORD
Table of Contents