General Commands & Tools
This section explains commands and tools that are available in the *CRYPT module.
Keystore Tools
Keystore tools are supplemental JAVA programs for the i-effect keystore. The are located in /i-effect//CRYPT/tools under the name KeystoreTools.jar. JAR files are JAVA archives that contain JAVA programs.
Keystore tools can bu run with the command RUNJAVA and the required paramters for the desired functionality. The functions are explained in the following, as well as the parameters used by them.
Call up of KeystoreTools looks as follows:
RUNJVA CLASS(‚/i-effect//CRYPT/tools/KeystoreTools.jar') PARM(‚...')
This is followed be on or more paramters that are entered within the PARM paramter followed by a comma.
The parameters within the PARM parameter must be entered in simple single quotes (param1, param2,.....')
*CHECK - Tests the Validity of Certificates in the i-effect Keystore
If the *CHECK paramter is entered followed by a number (both separated by a comma) the length of validity of all the certificates in the keystore will be tested. The number corresponds to the number of days that will be tested until a certifate loses its validity.
The results of this test are saved in the file: /i-effect//internal/YYYY-MM-DD-certificates_to_check.list
All relevent certificates are listed with their aliases and certificate information in this file.
If all certificates that will lose their validity in the next 30 days should be listed, the comman will look as follows:
RUNJVA CLASS(‚/i-effect//CRYPT/tools/KeystoreTools.jar') PARM(‚*CHECK,30')
In addition, all certificates will be listed automatically that are not yet valid or have already lost their validity. If no certificates were found that are no longer or not yet valid, the output file will be empty.
Tip for the Automated Use of i-effect *SERVER
KeystoreTools *CKECK can be automated, for example as a weekly *SCHEDULE sever task and used to react promptly when a certificate or partner's certificate expires. The type of *SEVER processing used here is *USERDEFINED, and *NONE should be entered as file type.
A valid license for the *SEVER module is required for these tasks.
One further parameter must also be sent to the command when using server task: the *SEVER specific variable "%SESSIONNUMBER%". This variable contains the session number used during the run time from the sever task. If this number is sent to KeystoreTools *CKECK, logbook mesages from KeystoreTools will be written with this number in the session.
Using the previous example, the command in the server task looks as follows:
RUNJVA CLASS(‚/i-effect//CRYPT/tools/KeystoreTools.jar') PARM(‚*CHECK,30,%SESSIONNUMBER%')
This command is entered as a process to be carried out.
A detailed description of server tasks and their processing can be found in Chapter 8 "Process Automation".