friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatl_5.4.0.1/rzatlssltrustmgr.htm

183 lines
12 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2005" />
<meta name="DC.rights.owner" content="(C) Copyright IBM Corporation 2005" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="ssltrustmgr usage information" />
<meta name="abstract" content="This command provides a command-line interface to manage X.509 certificates in a trust store or a Certificate Revocation List (CRL)." />
<meta name="description" content="This command provides a command-line interface to manage X.509 certificates in a trust store or a Certificate Revocation List (CRL)." />
<meta name="DC.Relation" scheme="URI" content="rzatlmngcmd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzatladvstartup.htm" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzatlssltrustmgr" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>ssltrustmgr usage information</title>
</head>
<body id="rzatlssltrustmgr"><a name="rzatlssltrustmgr"><!-- --></a>
<img src="./delta.gif" alt="Start of change" /><!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">ssltrustmgr usage information</h1>
<div><p>This command provides a command-line interface to manage X.509
certificates in a trust store or a Certificate Revocation List (CRL).</p>
<p>You must run the ssltrustmgr command from a QSHELL command-line, which
requires that the QSHELL product is installed on the system. You can run this
command from /QIBM/UserData/OS400/CIM.</p>
<p><img src="./delta.gif" alt="Start of change" />The CIMOM must be running to use this command.<img src="./deltaend.gif" alt="End of change" /></p>
<dl><dt class="dlterm">Name</dt>
<dd>ssltrustmgr - add, remove, revoke or list X.509 certificates in a PEM
format trust store.</dd>
<dt class="dlterm">Synopsis</dt>
<dd>Usage: <ul><li><samp class="codeph">ssltrustmgr -a [ -t truststore ] -c certuser -f certfile</samp></li>
<li><samp class="codeph">ssltrustmgr -a -T trustpath -f certfile</samp></li>
<li><samp class="codeph">ssltrustmgr -a -R -f crlfile</samp></li>
<li><samp class="codeph">ssltrustmgr -r [ -t truststore | -T trustpath ] -i issuername
n serialnumber</samp></li>
<li><samp class="codeph">ssltrustmgr -r -R -i issuername</samp></li>
<li><samp class="codeph">ssltrustmgr -l [ -t truststore | -T trustpath ] [ -i issuername
[ -n serialnumber ] ]</samp></li>
<li><samp class="codeph">ssltrustmgr -l -R [ -i issuername ]</samp></li>
<li><samp class="codeph">ssltrustmgr -h | --help</samp></li>
<li><samp class="codeph">ssltrustmgr -v | --version</samp></li>
</ul>
</dd>
<dt class="dlterm">Remarks</dt>
<dd><img src="./delta.gif" alt="Start of change" />This command exits with an error status if the user running
the command is not a privileged user. A privileged user has *ALLOBJ and *SECADM
special authorities. The ssltrustmgr command requires that the CIM Server
is running.<img src="./deltaend.gif" alt="End of change" /></dd>
<dt class="dlterm">Description</dt>
<dd><p>The ssltrustmgr command provides a command-line interface to manage
X.509 certificates in a trust store or a Certificate Revocation List (CRL).
The command exits with an error status if the trust store or the CRL store
do not exist or they are not in directory format.</p>
<p>The add option of
the ssltrustmgr command adds an X.509 certificate from one of the following:</p>
<ul><li>The <span class="parmname">certfile</span> to the specified <span class="parmname">truststore</span> or <span class="parmname">trustpath</span>.</li>
<li>The CRL from <span class="parmname">crlfile</span> to the CRL store.</li>
</ul>
<p>The <span class="parmname">truststore</span> names supported are <span class="parmname">cim_trust </span> and <span class="parmname">export_trust</span>.
If no <span class="parmname">truststore</span> is specified, then <span class="parmname">cim_trust</span> is
used as the default <span class="parmname">truststore</span>. If <span class="parmname">truststore</span> is
specified, then <span class="parmname">certuser</span> must be specified. The <span class="parmname">certuser</span> specifies
the username to be associated with the certificate in the <span class="parmname">certfile</span>.
If the CRL specified in <span class="parmname">crlfile</span> already exists in the
CRL store, the existing CRL is overwritten.</p>
<p>The remove option of the <span class="parmname">ssltrustmgr</span> command
removes the X.509 certificate matching the specified <span class="parmname">issuername</span> and <span class="parmname">serialnumber</span> from
the specified <span class="parmname">truststore</span> or <span class="parmname">trustpath</span>.
The remove option also removes the CRL from the CRL store for a specified <span class="parmname">issuername</span>.</p>
<p>The
list option of the ssltrustmgr command lists the X.509 certificates in the
specified <span class="parmname">truststore</span> or <span class="parmname">trustpath</span>.
The listing can be filtered by specifying the <span class="parmname">issuername</span> and <span class="parmname">serialnumber</span>.
The list option also lists the CRLs for the specified <span class="parmname">issuername</span>.</p>
</dd>
</dl>
<div class="section"><h4 class="sectiontitle">Options</h4>The <span class="parmname">ssltrustmgr</span> command
uses the following options:<dl><dt class="dlterm">-a</dt>
<dd>Adds the specified certificate to the target <span class="parmname">truststore</span>, <span class="parmname">trustpath</span>,
or a CRL store. If the <span class="parmname">truststore</span> or <span class="parmname">trustpath</span> does
not exist, an error message is returned and no action is taken. If the specified
certfile does not contain an X.509 certificate or contain an invalid certificate,
an error message is returned and no action is taken. If the specified <span class="parmname">crlfile</span> contains
an invalid CRL, an error message is returned and no action is taken. If the
CRL specified in <span class="parmname">crlfile</span> already exists in the CRL store,
the existing CRL is overwritten. </dd>
<dt class="dlterm">-r</dt>
<dd>Removes the certificate matching the <span class="parmname">serialnumber</span> issued
by the <span class="parmname">issuername</span> from the target <span class="parmname">truststore</span> or <span class="parmname">trustpath</span>.
If no certificate exists for the specified <span class="parmname">issuername</span> and <span class="parmname">serialnumber</span>,
an error message is returned and no action is taken. If -R option is specified,
it removes the CRL issued by the specified <span class="parmname">issuername.</span></dd>
<dt class="dlterm">-l</dt>
<dd>Displays the X.509 certificates in the target <span class="parmname">truststore</span> or <span class="parmname">trustpath</span>.
If <span class="parmname">issuername</span> and <span class="parmname">serialnumber</span> are
specified, only the matching certificates are displayed. If -R option is specified,
all the CRLs in the CRL store are displayed. If <span class="parmname">issuername</span> is
specified with the -R option, then the CRL issued by that issuer is displayed. </dd>
<dt class="dlterm">-R</dt>
<dd>Indicates that the requested add, remove, or list operation is to be performed
on the CRL store. </dd>
<dt class="dlterm">-t truststore</dt>
<dd>Specifies a trust store name containing zero or more X.509 certificates. </dd>
<dt class="dlterm">-T trustpath</dt>
<dd>Specifies a trust store path containing zero or more X.509 certificates. </dd>
<dt class="dlterm">-f certfile / crlfile</dt>
<dd>Specifies a PEM format file containing an X.509 certificate or a CRL. </dd>
<dt class="dlterm">-c certuser</dt>
<dd>Specifies a <span class="parmname">username</span> to be associated
with the specified certificate. The <span class="parmname">username</span> specified
should be a valid system user on the target system. </dd>
<dt class="dlterm">-i issuername</dt>
<dd>Specifies a certificate or a CRL issuer name. </dd>
<dt class="dlterm">-n serialnumber</dt>
<dd>Specifies a certificate serial number.</dd>
<dt class="dlterm">-h | --help</dt>
<dd>Displays command help information.</dd>
<dt class="dlterm">-v | --version</dt>
<dd>Displays the CIMOM version number.</dd>
</dl>
</div>
<div class="section"><h4 class="sectiontitle">Exit status</h4>When an error occurs, an error message
is written to stderr and an error value 1 is returned. The following values
are returned:<dl><dt class="dlterm">0</dt>
<dd>Success</dd>
<dt class="dlterm">1</dt>
<dd>Error</dd>
</dl>
</div>
<div class="example"><h4 class="sectiontitle">Examples</h4><dl><dt class="dlterm"><kbd class="userinput">ssltrustmgr -a -t cim_trust -c <var class="varname">username</var> -f
cert.pem</kbd></dt>
<dd>Adds the X.509 certificate in the <span class="parmname">cert.pem</span> file to
the trust store <span class="parmname">cim_trust</span> on the CIMOM and associate
user <var class="varname">username</var> with the certificate.</dd>
<dt class="dlterm"><kbd class="userinput">ssltrustmgr -a -T /QIBM/UserData/OS400/CIM/<var class="varname">mytruststore</var>
-f cert.pem</kbd></dt>
<dd>Adds the X.509 certificate in the <span class="parmname">cert.pem</span> file to
the trust store specified by the trust path <span class="filepath"><img src="./delta.gif" alt="Start of change" />/QIBM/UserData/OS400/CIM/<var class="varname">mytruststore</var><img src="./deltaend.gif" alt="End of change" /></span>.
User association is not required when trust path is specified.</dd>
<dt class="dlterm"><samp class="codeph"><kbd class="userinput">ssltrustmgr -a -R -f class1crl.pem</kbd></samp></dt>
<dt class="dlterm"><samp class="codeph"><kbd class="userinput">ssltrustmgr -aR -f class1crl.pem</kbd></samp></dt>
<dd>Both of these examples add the CRL in <span class="parmname">class1crl.pem</span> to
the Certificate Revocation List on the CIMOM.</dd>
<dt class="dlterm"><kbd class="userinput">ssltrustmgr -r -i "/C=US/ST=California/L=Cupertino/O=Smart &amp;
Secure/OU=Secure Software Division/CN=dev.admin.ss.com" -n 01</kbd> </dt>
<dd>Removes the certificate matching the specified <span class="parmname">issuername</span> and <span class="parmname">serialnumber</span> from
the <span class="parmname">cim_trust</span> trust store.</dd>
<dt class="dlterm"><kbd class="userinput">ssltrustmgr -l -t export_trust </kbd></dt>
<dd>Lists all the X.509 certificates in the <span class="parmname">export_trust</span> trust
store.</dd>
<dt class="dlterm"><kbd class="userinput">ssltrustmgr -l</kbd> </dt>
<dt class="dlterm"><kbd class="userinput">ssltrustmgr -l -t cim_trust</kbd></dt>
<dd>Both of these examples list all the X.509 certificates in the <span class="parmname">cim_trust</span> trust
store.</dd>
<dt class="dlterm"><kbd class="userinput">ssltrustmgr -lR -i "/C=US/ST=California/L=Cupertino/O=Smart &amp;
Secure/OU=Secure Software Division/CN=dev.admin.ss.com"</kbd></dt>
<dd>Lists the CRL issued by the issuer name.</dd>
</dl>
<p><strong>iSeries-specific usage:</strong> On an iSeries™ server, this command requires
the user to have *SECADM and *ALLOBJ authority.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzatlmngcmd.htm" title="The open source Pegasus implementation includes a set of command line utilities that you can use to control or change the Pegasus environment.">Pegasus command-line utilities</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzatladvstartup.htm" title="You can change the advanced startup options for the CIM server with the cimconfig command.">Advanced startup options for the cimconfig command</a></div>
</div>
</div>
<img src="./deltaend.gif" alt="End of change" /></body>
</html>
Reference in New Issue View Git Blame Copy Permalink