ssltrustmgr -a [ -t truststore ] -c certuser -f certfile
ssltrustmgr -a -T trustpath -f certfile
ssltrustmgr -a -R -f crlfile
ssltrustmgr -r [ -t truststore | -T trustpath ] -i issuername -n serialnumber
ssltrustmgr -r -R -i issuername
ssltrustmgr -l [ -t truststore | -T trustpath ] [ -i issuername [ -n serialnumber ] ]
ssltrustmgr -l -R [ -i issuername ]
ssltrustmgr -h | --help
ssltrustmgr -v | --version
This command exits with an error status if the user executing it is not a privileged user. The ssltrustmgr command requires that the CIM Server is running.
The ssltrustmgr command provides a command line interface to manage X509 certificates in a trust store or a Certificate Revocation List (CRL). The command exits with an error status if the trust store or the CRL store does not exist or is not in directory format.
The add option of the ssltrustmgr command adds an X509 certificate from certfile to the specified truststore or trustpath, or the CRL from crlfile to the CRL store. The truststore names supported are cim_trust and export_trust. If no truststore is specified then cim_trust is used as the default truststore. If truststore is specified then certuser must be specified. The certuser specifies the username to be associated with the certificate in the certfile. If the CRL specified in crlfile already exists in the CRL store, the existing CRL is overwritten.
The remove option of the ssltrustmgr command removes the X509 certificate matching the specified issuername and serialnumber from the specified truststore or trustpath. The remove option also removes the CRL from the CRL store for a specified issuername.
The list option of the ssltrustmgr command lists the X509 certificates in the specified truststore or trustpath. The listing can be filtered by specifying the issuername and serialnumber. The list option also lists the CRLs for the specified issuername.
ssltrustmgr recognizes the following options:
-a | Adds the specified certificate to the target |
-r | Removes the certificate matching the |
-l | Displays the X509 certificates in the target |
-R | Indicates that the requested add, remove or list operation is to be performed on the CRL store. |
-t truststore | Specifies a trust store name containing zero or more X509 certificates. |
-T trustpath | Specifies a trust store path containing zero or more X509 certificates. |
-f certfile / crlfile | Specifies a PEM format file containing an X509 certificate or a CRL. |
-c certuser | Specifies a username to be associated with the specified certificate. The username specified should be a valid system user on the target system. |
-i issuername | Specifies a certificate or a CRL Issuer name. |
-n serialnumber | Specifies a certificate Serial number. |
-h | --help | Displays the command help message. |
-v | --version | Displays the CIMServer version number. |
When an error occurs, an error message is written to stderr and an error value 1 is returned. The following values are returned:
0 | Success |
1 | Error |
Add the X509 certificate in the cert.pem file to the trust store cim_trust on the CIMServer and associate user nag with the certificate:
ssltrustmgr -a -t cim_trust -c nag -f cert.pem
Add the X509 certificate in the cert.pem file to the trust store specified by the trust path $PEGASUS_HOME/client_trust (user association is not required when a trust path is specified):
ssltrustmgr -a -T $PEGASUS_HOME/client_trust -f cert.pem
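The rules stated above for the add option, written as a pre-flight check (an added example, not part of the ssltrustmgr documentation or the CIM Server code). The helper name preflight_add is hypothetical; it assumes the PEM file carries the standard `-----BEGIN CERTIFICATE-----` label, and it only prints the command for review without running ssltrustmgr.

```shell
#!/bin/sh
# Added example: pre-flight checks for "ssltrustmgr -a", based only on the
# rules stated on this page. preflight_add is a hypothetical helper name.
# It prints the command to run and never invokes ssltrustmgr itself.

# usage: preflight_add store|path TARGET CERTUSER CERTFILE
#   store: TARGET is a trust store name ("" means the default cim_trust)
#   path:  TARGET is a trust path directory; CERTUSER is ignored
preflight_add() {
    mode=$1 target=$2 certuser=$3 certfile=$4

    # -f must name a readable PEM file holding an X509 certificate.
    if [ ! -r "$certfile" ] ||
       ! grep -q -e '-----BEGIN CERTIFICATE-----' "$certfile"; then
        echo "preflight: $certfile is not a readable PEM certificate" >&2
        return 1
    fi

    case $mode in
    store)
        [ -n "$target" ] || target=cim_trust
        case $target in
        cim_trust|export_trust) ;;
        *) echo "preflight: unsupported truststore $target" >&2; return 1 ;;
        esac
        # certuser must be given and should be a valid system user.
        if [ -z "$certuser" ] || ! id -u "$certuser" >/dev/null 2>&1; then
            echo "preflight: certuser '$certuser' is not a system user" >&2
            return 1
        fi
        echo "ssltrustmgr -a -t $target -c $certuser -f $certfile"
        ;;
    path)
        # Trust stores are in directory format; no user association needed.
        if [ ! -d "$target" ]; then
            echo "preflight: trust path $target is not a directory" >&2
            return 1
        fi
        echo "ssltrustmgr -a -T $target -f $certfile"
        ;;
    *)
        echo "preflight: mode must be 'store' or 'path'" >&2
        return 1
        ;;
    esac
}
```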
Add the CRL in class1crl.pem to the Certificate Revocation List on the CIMServer:
ssltrustmgr -a -R -f class1crl.pem
ssltrustmgr -aR -f class1crl.pem
Remove the certificate matching the specified issuername and serialnumber from the cim_trust trust store:
ssltrustmgr -r -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com" -n 01
List all the X509 certificates in the export_trust trust store:
ssltrustmgr -l -t export_trust
List all the X509 certificates in the cim_trust trust store:
ssltrustmgr -l
ssltrustmgr -l -t cim_trust
List the CRL issued by the issuer name "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com":
ssltrustmgr -lR -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com"