Managing keys and certificates on EAServer  Test CA management

Chapter 14: Managing Keys and Certificates

EAServer Manager | Certificates folder management

This section describes the tasks involved in accessing and managing the server certificate database or the certificate database used by client applications. To manage the server certificate database, configure the top-level Certificates folder in EAServer Manager, while connected to the server. To manage the client certificate database, you must run the standalone Security Manager. Other than the tool used, the management tasks are identical for the client and server certificate database.

You can install and use the standalone Security Manager on a client machine to manage client keys, certificates, and trust information in a local database. The standalone Security Manager is completely independent of EAServer Manager and server installations. Except for the login screen, the standalone Security Manager is identical to EAServer Manager | Certificates folder used to manage server keys and certificates.

The Standalone Security Manager allows C++ CORBA clients and Java applications to access servers using SSL features over IIOPS connections. For more information, see these chapters:

StepsAccessing the server certificate database in EAServer Manager

To begin managing the server certificate database:

  1. Start EAServer Manager as described in “Using EAServer Manager” in the EAServer System Administration Guide.

  2. Expand the top level Certificates folder. The first time you put the focus on this folder in your session, you must enter the PIN for the PKCS #11 token. The default for new installations is “sybase”.

StepsStarting the standalone Security Manager

  1. Change to the EAServer bin subdirectory.

  2. Run sasecmgr to start Sybase Central.

  3. In Sybase Central, choose Tools | Connect.

  4. Choose Security Manager.

  5. Enter the PIN for the PKCS #11 token. The default for new installations is “sybase”. Make sure the Client Root setting matches the installation you want to configure; this field should match the value of the JAGUAR or JAGUAR_CLIENT_ROOT environment variable as set for the installation to be configured.

StepsChanging the user PIN

The initial PIN for the PKCS #11 token is “sybase”. You can also use the same PIN to log in to EAServer Manager | Certificates folder and, if installed, the Sybase PKCS #11 token in Netscape. To change to a more secure PIN:

  1. Select the Private Keys folder.

  2. Select File | Change PIN.

  3. Enter and verify the new PIN.

Restart Netscape for the new PIN to propagate to the Sybase PKCS #11 token.

StepsDisplaying PKCS #11 module information

  1. Select the Private Keys folder.

  2. To view information about the Sybase PKCS #11 module, including the library version and the Cryptoki version, select File | Module Information.

    To view information about the Sybase PKCS #11 token that manages your key and certificate information, including status and version information, select File | Token Information.

StepsLogging out of the PKCS #11 module

  1. Select the Private Keys folder.

  2. Select File | Logout.

You are still logged in to EAServer Manager but can no longer access keys or certificates.




Copyright © 2005. Sybase Inc. All rights reserved. Test CA management

View this document as PDF