Security Token File Keys and Certificates
When you generate a security token file from a security policy file, the public certificate of the domain identity in the security policy file is copied to the security token file. When a security domain requestor attempts to connect to a metaspace using the security token file, the connection fails if the public certificate in the security token file does not match the security domain controller's identity certificate.
By default, security token files do not contain a private key and public certificate for establishing the identity of the security domain requestor. Thus, when a security domain requestor attempts to connect to a metaspace, a temporary private key and public certificate are created dynamically for the requestor to use when establishing secure connections. This key and certificate are valid for the duration of the requestor's connection to the metaspace.
Optionally, when you generate a security token file you can specify creation of a private key and public certificate. The following example shows the Admin CLI command to generate a security token file with a private key and public certificate for establishing a security domain requestor's identity for secure transport connections:
as-admin> create security_token
domain_name "mydomain"
policy_file "mypolicy.txt"
create_identity
token_file "mytoken.txt"
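The behaviour described above can be modelled compactly: token generation copies the domain identity's public certificate out of the policy, the connect step pins the controller's identity certificate against that copy and refuses the connection on a mismatch, and a requestor identity is either read from the token (when create_identity was used) or created for the lifetime of the session. The following Python is an added illustration, not the product's own code or file format: the dictionary field names, the SHA-256 fingerprint comparison, and the use of random bytes as a stand-in for a real key pair and certificate are all assumptions made for the example.

```python
"""Model of security token file handling (added example, not the product's code).

Assumptions, labelled here and in the comments below:
- a policy and a token are plain dictionaries with hypothetical field names;
- certificates are opaque DER-like byte strings, compared by SHA-256 fingerprint;
- a 'generated' key pair is stood in for by random bytes (no real key generation).
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


class CertificateMismatch(Exception):
    """Raised when the token's domain certificate does not match the controller's."""


@dataclass
class Session:
    domain_name: str
    identity_certificate: bytes
    temporary_identity: bool  # True when the identity was created for this connection only


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 fingerprint of a certificate's bytes; what a mismatch log should carry."""
    return hashlib.sha256(cert_der).hexdigest()


def create_security_token(policy: dict, create_identity: bool = False) -> dict:
    """Model of 'create security_token': copy the domain identity's public
    certificate from the policy into the token and, optionally, add a
    requestor private key and public certificate (the create_identity option)."""
    token = {
        "domain_name": policy["domain_name"],
        "domain_certificate": policy["domain_certificate"],  # copied, never regenerated
    }
    if create_identity:
        # Placeholder for a generated key pair: random bytes, not real key material.
        token["identity_key"] = secrets.token_bytes(32)
        token["identity_certificate"] = secrets.token_bytes(64)
    return token


def connect(token: dict, controller_identity_certificate: bytes) -> Session:
    """Model of a requestor connecting to a metaspace with a token file."""
    expected = fingerprint(token["domain_certificate"])
    presented = fingerprint(controller_identity_certificate)
    # Pinning check: constant-time compare of the two fingerprints. On mismatch the
    # connection fails; both fingerprints are reported so the event can be triaged.
    if not hmac.compare_digest(expected, presented):
        raise CertificateMismatch(
            f"controller certificate {presented} does not match token's {expected}"
        )
    if "identity_certificate" in token:
        # Token was generated with create_identity: use the embedded identity.
        return Session(token["domain_name"], token["identity_certificate"], False)
    # Default token: create a temporary identity valid only for this connection.
    return Session(token["domain_name"], secrets.token_bytes(64), True)


def is_accepted(token: dict, controller_identity_certificate: bytes) -> bool:
    """Convenience wrapper: True if the connection would be established."""
    try:
        connect(token, controller_identity_certificate)
        return True
    except CertificateMismatch:
        return False


if __name__ == "__main__":
    # Constructed sample data: the controller's certificate bytes are arbitrary.
    controller_cert = b"constructed-domain-controller-certificate"
    policy = {"domain_name": "mydomain", "domain_certificate": controller_cert}
    default_token = create_security_token(policy)
    print("default token, temporary identity:", connect(default_token, controller_cert).temporary_identity)
    identity_token = create_security_token(policy, create_identity=True)
    print("identity token, temporary identity:", connect(identity_token, controller_cert).temporary_identity)
    print("accepted by a different controller:", is_accepted(default_token, b"constructed-other-certificate"))
```

Running the module prints True for the default token (an identity is made up for the session), False for a token generated with create_identity (the embedded identity is used), and False for the connection attempt against a controller whose certificate differs from the one copied into the token.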
See Restricting Transport Access for information on how generating a private key and public certificate in the security token file can be used to restrict access in a security domain to only certain security domain requestors.