Name

dsconfig set-key-manager-provider-prop — Modifies Key Manager Provider properties

Synopsis

dsconfig set-key-manager-provider-prop {options}

Options

The dsconfig set-key-manager-provider-prop command takes the following options:

--provider-name {name}

The name of the Key Manager Provider.

Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {name} you provide.

By default, OpenDJ directory server supports the following Key Manager Provider types:

file-based-key-manager-provider

Default {name}: File Based Key Manager Provider

Enabled by default: true

See the section called “File Based Key Manager Provider” for the properties of this Key Manager Provider type.

ldap-key-manager-provider

Default {name}: LDAP Key Manager Provider

Enabled by default: true

See the section called “LDAP Key Manager Provider” for the properties of this Key Manager Provider type.

pkcs11-key-manager-provider

Default {name}: PKCS11 Key Manager Provider

Enabled by default: true

See the section called “PKCS11 Key Manager Provider” for the properties of this Key Manager Provider type.

--set {PROP:VALUE}

Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.

Key Manager Provider properties depend on the Key Manager Provider type, which depends on the --provider-name {name} option.

--reset {property}

Resets a property back to its default values, where {property} is the name of the property to be reset.

Key Manager Provider properties depend on the Key Manager Provider type, which depends on the --provider-name {name} option.

--add {PROP:VALUE}

Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added.

Key Manager Provider properties depend on the Key Manager Provider type, which depends on the --provider-name {name} option.

--remove {PROP:VALUE}

Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed.

Key Manager Provider properties depend on the Key Manager Provider type, which depends on the --provider-name {name} option.

File Based Key Manager Provider

Key Manager Providers of type file-based-key-manager-provider have the following properties:

enabled
Description

Indicates whether the Key Manager Provider is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

The fully-qualified name of the Java class that provides the File Based Key Manager Provider implementation.

Default Value

org.opends.server.extensions.FileBasedKeyManagerProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

key-store-file
Description

Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key manager is accessed.

Default Value

None

Allowed Values

A path to an existing file that is readable by the server.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

key-store-pin
Description

Specifies the clear-text PIN needed to access the File Based Key Manager Provider.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-environment-variable
Description

Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Key Manager Provider.

Default Value

None

Allowed Values

The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-file
Description

Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider.

Default Value

None

Allowed Values

A path to an existing file that is readable by the server.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-property
Description

Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Key Manager Provider.

Default Value

None

Allowed Values

The name of a defined Java property.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-type
Description

Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed.

Default Value

None

Allowed Values

Any key store format supported by the Java runtime environment.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

LDAP Key Manager Provider

Key Manager Providers of type ldap-key-manager-provider have the following properties:

base-dn
Description

The base DN beneath which LDAP key store entries are located.

Default Value

None

Allowed Values

A valid DN.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the Key Manager Provider is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

The fully-qualified name of the Java class that provides the LDAP Key Manager Provider implementation.

Default Value

org.opends.server.extensions.LDAPKeyManagerProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

key-store-pin
Description

Specifies the clear-text PIN needed to access the LDAP Key Manager Provider.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-environment-variable
Description

Specifies the name of the environment variable that contains the clear-text PIN needed to access the LDAP Key Manager Provider.

Default Value

None

Allowed Values

The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-file
Description

Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the LDAP Key Manager Provider.

Default Value

None

Allowed Values

A path to an existing file that is readable by the server.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-property
Description

Specifies the name of the Java property that contains the clear-text PIN needed to access the LDAP Key Manager Provider.

Default Value

None

Allowed Values

The name of a defined Java property.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

PKCS11 Key Manager Provider

Key Manager Providers of type pkcs11-key-manager-provider have the following properties:

enabled
Description

Indicates whether the Key Manager Provider is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation.

Default Value

org.opends.server.extensions.PKCS11KeyManagerProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

key-store-pin
Description

Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-environment-variable
Description

Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider.

Default Value

None

Allowed Values

The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-file
Description

Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider.

Default Value

None

Allowed Values

A path to an existing file that is readable by the server.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.

Advanced Property

No

Read-only

No

key-store-pin-property
Description

Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider.

Default Value

None

Allowed Values

The name of a defined Java property.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed.

Advanced Property

No

Read-only

No
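
Added example, not part of the OpenDJ documentation: a POSIX shell helper that checks a file against the key-store-pin-file description above (readable, a single line holding the PIN) before switching a provider to it with --set and clearing any inline key-store-pin with --reset. The owner-only permission check, the DSCONFIG variable, the function names and the sample PIN are assumptions of this example; connection options are passed through unchanged.

```shell
#!/bin/sh
# check_pin_file PATH -> 0 if PATH is a readable regular file holding exactly
# one non-blank line and (hardening assumption, not a documented requirement)
# no group/other permission bits.
check_pin_file() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] || { echo "not a readable file: $f" >&2; return 1; }
    # awk counts the last line even when its trailing newline is missing.
    lines=$(awk 'END { print NR }' "$f")
    [ "$lines" -eq 1 ] || { echo "expected 1 line, found $lines: $f" >&2; return 1; }
    [ -n "$(head -n 1 "$f" | tr -d '[:space:]')" ] || { echo "PIN line is blank: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "group/other can access: $f" >&2; return 1; }
    return 0
}

# set_pin_file NAME PATH [connection options...]
# Points provider NAME at the PIN file and resets the inline key-store-pin.
# DSCONFIG (hypothetical variable) overrides the binary, e.g. "echo" for a dry run.
set_pin_file() {
    name=$1; path=$2; shift 2
    check_pin_file "$path" || return 1
    "${DSCONFIG:-dsconfig}" set-key-manager-provider-prop "$@" \
        --provider-name "$name" \
        --set "key-store-pin-file:$path" \
        --reset key-store-pin \
        --no-prompt
}

# Dry run on constructed input: a throwaway PIN file created with umask 077.
demo_dir=$(mktemp -d)
( umask 077; printf 'constructed-pin\n' > "$demo_dir/keystore.pin" )
DSCONFIG=echo set_pin_file "File Based Key Manager Provider" "$demo_dir/keystore.pin"
rm -rf "$demo_dir"
```

To apply the change for real, drop DSCONFIG=echo and append your dsconfig connection options after the PIN file path.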