Defines an internal certificate authority.
The smdefca command is used to define an internal CA (Certificate Authority) for Web-based System Manager servers and clients on the current machine. When you define a Web-based System Manager-CA, the following files are generated:
If a CA is already defined on the current machine, the smundefca command must be used first to unconfigure it.
Use the /usr/websm/bin/wsm command to access the graphical interface. The fast path is wsm system.
| Item | Description |
|---|---|
| ca_name | A name that uniquely defines your Web-based System Manager-CA.
The machine full TCP/IP name with some additional serial number might
be a good choice. If you ever redefine a CA, it is recommended that
you use a different name in order to identify which CA, by name, is
used by each server and client. Note: Do not set the CA name to be exactly the machine's full TCP/IP name (this will break the SMGate utility, in case you want to use it in managing this machine from a remote browser). |
| -o organization | Organization name (required for the CA certificate). |
| -c country_code | Two-letter ISO country code (required for the CA certificate). |
| -d pub_dir | The output directory for the public key ring file SMpubkr.class. |
| -e mm/dd/yyyy | Expiration date for the CA certificate. The default expiration date is four years from the date of issuing the command. |
smdefca IBMCA1 -o IBM -c US -d /usr/websm/security/tmp -e 12/31/1999 | Item | Description |
|---|---|
| /usr/websm/security/SMpubkr.class | CA public key ring file. |
| /usr/websm/security/SMCa.log | Lists detailed information on all operations executed by the CA. |
| /usr/websm/security/SMCa.sn | Certificate number file. |
| /usr/websm/security/SM.caprivkr | Certificate private key ring file. |