Secure Global Desktop Administration Guide > Commands > The tarantella security certinfo command

The tarantella security certinfo command

Syntax

tarantella security certinfo  [ --certfile certfile [ --keyfile keyfile ] ]
                              [ --checkkey ] [ --full ]

tarantella security certinfo --csrfile csrfile [ --full ]

Description

Displays information about an installed X.509 certificate (first form) or a Certificate Signing Request (second form).

This command can also check whether a specified private key matches the public key (that is, the public key can decrypt text encrypted with the private key) in a particular certificate.

Use the first form of this command without specifying a certfile and keyfile to check keys and certificates you've already installed using the tarantella security certuse command.

Argument	Description
`--certfile certfile`	Specifies the location of a file containing an X.509 certificate. The command displays information about this certificate, including: Information about the server and your organization. Credentials of the Certificate Authority (CA) that validated the certificate. Dates for which the certificate is valid.
`--keyfile keyfile`	Specifies the location of a private key.
`--checkkey`	Checks whether a particular private key matches the public key contained in the X.509 certificate specified in `certfile`. If you specify both `--certfile` and `--keyfile`, the command checks that the specified private key in `keyfile` matches the public key in the `certfile`. If you only specify `--certfile`, the command assumes that `certfile` contains both a certificate and a private key, and checks that that private key matches the public key in the certificate. If you omit both `--certfile` and `--keyfile`, the command checks the certificate and private key installed in the `/opt/tarantella/var/tsp` directory.
`--csrfile csrfile`	Specifies the location of a file containing a Certificate Signing Request. The command displays information about this CSR, including: The DNS name (or chosen common name) of the server the CSR is for. Your organization's name and location.
`--full`	Displays more detailed information about the specified certificate or CSR -- the contents of the public keys they contain, for example.

Examples

tarantella security certinfo \
  --certfile /opt/certs/newyork.cert \
  --full

Displays detailed information about the certificate in /opt/certs/newyork.cert.

tarantella security certinfo \
  --certfile /opt/certs/boston.cert \
  --keyfile /opt/keys/boston.key \
  --checkkey

Displays information about the certificate in /opt/certs/boston.cert, and checks that the private key /opt/keys/boston.key matches the public key contained in that certificate.

tarantella security certinfo \
  --csrfile /tmp/boston.csr

Displays information about the CSR in /tmp/boston.csr.

Related topics
Obtaining and installing an X.509 certificate What are X.509 certificates and why do I need one?