mktruststore

Obtains a public certificate from LDAP and creates a truststore that is shared by the administrative infrastructure to certify secure connections. This command replaces any existing truststore on the local engine.

>>-mktruststore--+------+--------------------------------------><
                 +-path-+
                 '- – --'

Parameters

path
Specifies the full directory path of an existing LDAP certificate to import into the new truststore file being created. The certificate cannot be added to an existing truststore because a new truststore will be created. If not specified, an LDAP certificate will not be added to the new truststore.
Note: An LDAP certificate is required to obtain secure communication with the LDAP server.

–
Specifies that you want to read the path from stdin (for example, – << /work/path.txt).

Prerequisites

The cimom.properties file must be set up prior to using this command.

The tank.properties file must exist. It is used by the mktruststore command to determine the language being used.

This task must be performed only by trained service technicians.

Description

Note: This command is run from the shell prompt from the /usr/tank/admin/bin directory. It is not run inside of sfscli.

The truststore file resides in the /usr/tank/admin/ directory.

The mktruststore command is used in these circumstances:
  • During installation, the mktruststore command is run automatically by the setupTank script on the first engine. Because the truststore file must be exactly the same on every engine in the cluster, you must copy the truststore file from one engine to each remaining engine in the cluster before running setupTank on those engines.
  • When replacing an expired truststore file. The truststore file is valid for one year.
  • When you need to change the truststore (for example, if security is breached). You may change the truststore at any time; however, it must be the same on every engine in the cluster. Any time the truststore is changed, the Administrative agent must be restarted by issuing the stopcimom and startcimom commands. The connection to the user interfaces (SAN File System console and Administrative command-line interface) will be broken when the Administrative agent is stopped.
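
Because every engine must hold an identical truststore, comparing digests before restarting the Administrative agent catches a missed or stale copy. The shell function below is an added example, not part of the product or its documentation. It assumes the truststore from each engine has been copied into a staging directory as <engine>.truststore (a hypothetical naming, since this page gives only the /usr/tank/admin/ directory) and that sha256sum is available.

```shell
#!/bin/sh
# Added example: detect truststore drift across the engines of a cluster.
# Assumption: one staged copy per engine, named <engine>.truststore, sits in
# a staging directory. The file naming is hypothetical.

# Print the SHA-256 of a file, or nothing if the file cannot be read.
digest() {
    sha256sum "$1" 2>/dev/null | cut -d' ' -f1
}

# truststore_drift STAGING_DIR REFERENCE_ENGINE ENGINE...
# Compares each listed engine's copy with the reference engine's copy.
# Prints "<engine> DIFFERS" or "<engine> MISSING" for every bad copy.
# Returns 0 when all copies match, 1 on drift, 2 if the reference is unreadable.
truststore_drift() {
    dir=$1
    ref=$2
    shift 2
    drift=0
    ref_sum=$(digest "$dir/$ref.truststore")
    if [ -z "$ref_sum" ]; then
        echo "$ref MISSING"
        return 2
    fi
    for engine in "$@"; do
        sum=$(digest "$dir/$engine.truststore")
        if [ -z "$sum" ]; then
            # No copy was staged for this engine: it may never have received one.
            echo "$engine MISSING"
            drift=1
        elif [ "$sum" != "$ref_sum" ]; then
            # A stale or altered copy: this engine would not match the cluster.
            echo "$engine DIFFERS"
            drift=1
        fi
    done
    return $drift
}

# Usage (engine names are placeholders):
#   truststore_drift /tmp/staging engine1 engine2 engine3
```

A non-zero return means at least one engine does not hold the reference truststore and should receive a fresh copy before the agent is restarted.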

Example

Create truststore
The following example creates a truststore and imports the LDAP certificate ldap.cert from the local directory:
mktruststore ldap.cert
Creating truststore file.
The truststore was created successfully
Certificate was added to keystore.

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.