System Administration Guide: Security Services
Previous Next

KMF Keystore Management

KMF manages the keystores for three public key technologies, PKCS #11 tokens, NSS, and OpenSSL. For all of these technologies, the pktool command enables you to do the following:

  • Designate a keystore for each certificate and PIN.

  • Generate a self-signed certificate.

  • Generate a certificate request.

  • Generate a symmetric key.

  • Import objects into the keystore.

  • List the objects in the keystore.

  • Delete objects from the keystore.

  • Download a CRL.

For the PKCS #11 and NSS technologies, the pktool command also enables you to set a PIN by generating a passphrase:

  • Generate a passphrase for the keystore.

  • Generate a passphrase for an object in the keystore.

For examples of using the pktool utility, see the pktool(1) man page and Using the Key Management Framework (Task Map).

Previous Next