The File Based Key Manager Provider can be used to obtain the server certificate from a key store file on the local file system.
Multiple file formats may be supported, depending on the providers supported by the underlying Java runtime environment. The key store PIN protects the keystore itself while the private key PIN is used to access private keys. If the private key PIN is not specified its value defaults to that of the key store PIN.
The File Based Key Manager Provider component inherits from the Key Manager Provider
The following components have a direct aggregation relation from File Based Key Manager Providers:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| key-store-file | |
| key-store-type | |
| key-store-pin | |
| key-store-pin-file | |
| key-store-pin-passphrase-provider | |
| private-key-pin | |
| private-key-pin-file | |
| private-key-pin-passphrase-provider |
| Description | A description for this Key Manager Provider |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Key Manager Provider is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the Directory Server instance root. Changes to this property will take effect the next time that the key manager is accessed. |
| Default Value | None |
| Allowed Values | A filesystem path |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed. |
| Default Value | None |
| Allowed Values | Any key store format supported by the Java runtime environment. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the PIN needed to access the File Based Key Manager Provider. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. |
| Description | Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider. |
| Default Value | None |
| Allowed Values | A filesystem path |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. |
key-store-pin-passphrase-provider
| Description | The passphrase provider to use to obtain the clear-text PIN needed to access the File Based Key Manager Provider. |
| Default Value | None |
| Allowed Values | The DN of any Passphrase Provider. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the clear-text PIN needed to access the File Based Key Manager Provider private key. If no private key PIN is specified the PIN defaults to the key store PIN. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. |
| Description | Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider private key. If no private key PIN is specified the PIN defaults to the key store PIN. |
| Default Value | None |
| Allowed Values | A filesystem path |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. |
private-key-pin-passphrase-provider
| Description | The passphrase provider to use to obtain the clear-text PIN needed to access the File Based Key Manager Provider private key. If no private key PIN is specified the PIN defaults to the key store PIN. |
| Default Value | None |
| Allowed Values | The DN of any Passphrase Provider. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. |
To list the configured Key Manager Providers:
dsconfig list-key-manager-providers
[--property {propertyName}] ...
To view the configuration for an existing Key Manager Provider:
dsconfig get-key-manager-provider-prop
--provider-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Key Manager Provider:
dsconfig set-key-manager-provider-prop
--provider-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new File Based Key Manager Provider:
dsconfig create-key-manager-provider
--provider-name {name}
--type file-based
--set enabled:{propertyValue}
--set key-store-file:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Key Manager Provider:
dsconfig delete-key-manager-provider
--provider-name {name}