This chapter describes how to start, stop, and restart Netscape Certificate Management System (CMS) and how to check its current status. The chapter also explains the CMS watchdog process, a native bootstrapping program that enables Certificate Management System to start up with a single password instead of multiple ones.
Stopping Certificate Management System
Restarting Certificate Management System
Checking System Status
Attending to an Unresponsive Server
CMS Watchdog Process
From the command line (locally only)
On a Windows NT system, from the Windows NT Services panel
When you start Certificate Management System, you are prompted to enter the single sign-on password you specified during installation. This password enables the CMS watchdog (see "CMS Watchdog Process") to retrieve all the passwords required by the server to start. These include the following:
The bind password used by Certificate Management System to access and update the internal database.
The bind password used by Certificate Management System to access and remove PINs from the authentication directory, if you've configured Certificate Management System to remove PINs from the authentication directory (see the description for the ldap.ldapauthbindDN and ldap.ldapauth.bindPWPrompt parameters in Table 9.2).
The bind password used by Certificate Management System to access and update the LDAP directory; this is required only if you have configured Certificate Management System for publishing certificates and CRLs to an LDAP-compliant directory.
If you have installed a Registration Manager in the currently selected CMS instance, the token password unlocks the private keys for the Registration Manager's signing and SSL server certificates.
If you have installed a Data Recovery Manager in the currently selected CMS instance, the token password unlocks the private keys for the Data Recovery Manager's storage keys and transport and SSL server certificates.
Starting from Netscape Console
You can use Netscape Console to start an instance of Certificate Management System running on a local or remote host.
In the Console tab, select the Server Group that contains the CMS instance you want to start.
In the navigation tree, locate the CMS instance you want to start.
Select the instance, right-click, and choose the Start Server option from the pop-up menu.
When you start Certificate Management System, you are prompted to supply the single sign-on password for the server. Enter the single sign-on password you specified during installation and click OK.
Certificate Management System won't start until you provide this password. For more information, see "Required Start-up Information".
To start Certificate Management System from the command line:
In a Unix system, log in as root if the server runs on ports less than 1024; otherwise, log in either as root or with the server's user account.
At the command-line prompt, enter the following line:
<server_root>/cert-<instance_id>/start-cert[.bat]
.bat specifies the file extension; this is required only when running the utility on a Windows NT system.
<server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.
<instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.
When prompted, supply the single sign-on password.
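The Unix privilege rule and the utility path from the steps above, written as a preflight check. This is an added example, not part of Certificate Management System; the function names, the server-user argument and the write-permission check are assumptions made for the example.

```sh
#!/bin/sh
# Added example: preflight checks before running start-cert on Unix.
# Function names and arguments are hypothetical, not part of CMS.

# cms_script_path SERVER_ROOT INSTANCE_ID ACTION
# Prints <server_root>/cert-<instance_id>/<action>-cert.
cms_script_path() {
    printf '%s/cert-%s/%s-cert\n' "$1" "$2" "$3"
}

# cms_may_start PORT CURRENT_USER SERVER_USER
# Returns 0 when CURRENT_USER may start a server listening on PORT:
# root for ports below 1024, otherwise root or the server's user account.
# Returns 2 when PORT is not a number.
cms_may_start() {
    port=$1 cur=$2 srv=$3
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$cur" = root ] && return 0
    [ "$port" -lt 1024 ] && return 1
    [ "$cur" = "$srv" ]
}

# cms_script_is_safe PATH
# The utility may run as root and prompts for the single sign-on password,
# so (assumption of this example) reject it if group or other can write it.
cms_script_is_safe() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]
}

# cms_preflight SERVER_ROOT INSTANCE_ID PORT SERVER_USER [CURRENT_USER]
# Prints the start-cert path when every check passes.
# Returns 1 for a privilege problem, 3 for an unsafe or missing utility.
cms_preflight() {
    script=$(cms_script_path "$1" "$2" start)
    cur=${5:-$(id -un)}
    cms_may_start "$3" "$cur" "$4" || {
        echo "start as root (required below port 1024) or as $4" >&2
        return 1
    }
    cms_script_is_safe "$script" || {
        echo "refusing to run $script: missing or writable by others" >&2
        return 3
    }
    printf '%s\n' "$script"
}
```

A caller would run the printed path only when cms_preflight returns 0.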
Starting from the Windows NT Services Panel
If you have installed Certificate Management System on a Windows NT system, you can start the server (as a service) from the Windows NT Services panel (see Figure 5.1). The CMS service has the following name:
<instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.
Figure 5.1 CMS service in the Windows NT Services panel
Select Control Panel from Settings.
In the Control Panel window that appears, click Services.
Select the CMS instance and click Start.
You are prompted to supply the single sign-on password for the server. Enter the single sign-on password you specified during installation and click OK.
You can use Netscape Console to stop an instance of Certificate Management System running on a local or remote host.
In the Console tab, select the Server Group that contains the CMS instance you want to stop.
In the navigation tree, locate the CMS instance you want to stop.
Select the instance, right-click, and choose the Stop option from the pop-up menu.
The server is stopped.
You can stop a CMS instance running on a local host by entering the appropriate command at the command prompt.
In a Unix system, log in either as root or using the server's user account (if that is how you started the server).
<server_root>/cert-<instance_id>/stop-cert[.bat]
.bat specifies the file extension; this is required only when running the utility on a Windows NT system.
<server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.
<instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.
The server is stopped.
You can stop a CMS instance running on a local host by stopping the corresponding service; it is identified by the following in the Windows NT Services panel (see Figure 5.1 on page 110):
Select the CMS instance and click Stop.
When prompted, click Yes.
You can use the CMS window to restart an instance of Certificate Management System on a local or remote host.
In the Tasks tab, click Restart the Server.
When you restart Certificate Management System, you are prompted to supply the single sign-on password for the server. Enter the single sign-on password you specified during installation and click OK.
Certificate Management System won't restart until you provide this password. For more information, see "Required Start-up Information".
To restart Certificate Management System from the command line:
<server_root>/cert-<instance_id>/restart-cert[.bat]
.bat specifies the file extension; this is required only when running the utility on a Windows NT system.
<server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.
<instance_id> is the ID for this instance of Certificate Management System. You first specified this when you installed this server.
When prompted, supply the single sign-on password.
In the Console tab, select the SIE that corresponds to the CMS instance you want to check.
In the right pane, check the Server Status field. If the selected instance of Certificate Management System is running, the status will be Started. Otherwise it will be Stopped.
<server_root> is the directory where the CMS binaries are kept. You first specified this directory during installation.
c:\> killproc 255
Killed process 255.
c:\>
The watchdog process implements the following operations:
The watchdog allows you to start Certificate Management System by using a single password instead of the multiple passwords that would otherwise be required. For details on these passwords, see "Required Start-up Information".
During CMS installation the watchdog stores all the passwords required by the server for starting up in a password cache. The cache is maintained in a file encrypted using the single sign-on password you specify during installation. When you change any of the required passwords or provide new passwords, you must start the server from the command-line (see "Starting from the Command Line") so that the watchdog can prompt you for the new passwords in order to update the cache.
Stops Certificate Management System.
Restarts Certificate Management System (after configuration changes).
Detects Certificate Management System crashes and restarts the server.
The watchdog monitors Certificate Management System and the Java VM, restarting the server in the case of a failure. In the Unix version of Certificate Management System, the watchdog records the server process ID (pid) and sets the user ID (uid) of the process.