Manualshelf

System information

ManualsBrandsRed Hat ManualsOtherCERTIFICATE SYSTEM 7.3 - COMMAND-LINE
51525354555657585960
NOTE
A hardware HSM can be used instead of the software database if the modutil
utility is first used to insert the HSM slot and token into the secmod.db database.
If an HSM is used, then the option -h hsm_token must be added to each of
commands below.
3. List the contents of the local software key database.
tksTool -L -d .
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
Enter Password or Pin for "NSS Certificate DB":
tksTool: the specified token is empty
4. Create a transport key called transport.
tksTool -T -d . -n transport
5. When prompted, fill in the database password, then type in some noise to seed the random
number generator.
6. The session key share and corresponding KCV are displayed. Write down both of these.
7. Run the following command to produce an identical transport key; this is generally used
within another set of databases which need to use identical transport keys. When this is run,
multiple session key shares and KCVs are generated. Write down all of this information.
tksTool -I -d . -n verify_transport
Responses similar to the following appear:
Generating first symmetric key . . .
Generating second symmetric key . . .
Generating third symmetric key . . .
Extracting transport key from operational token . . .
transport key KCV: A428 53BA
Storing transport key on final specified token . . .
Naming transport key "transport" . . .
Usage
45