Skip past navigation linksSecure Global Desktop 4.31 Administration Guide > Commands > The tarantella security certinfo command

The tarantella security certinfo command

Syntax

Skip past command syntax or program codetarantella security certinfo  [ --certfile certfile [ --keyfile keyfile ] ]
                              [ --checkkey ] [ --full ]

tarantella security certinfo --csrfile csrfile [ --full ]

Description

Displays information about an installed X.509 certificate (first form) or a Certificate Signing Request (second form).

This command can also check whether a specified private key matches the public key (that is, the public key can decrypt text encrypted with the private key) in a particular certificate.

Use the first form of this command without specifying a certfile and keyfile to check keys and certificates you've already installed using the tarantella security certuse command.

Argument Description
--certfile certfile Specifies the location of a file containing an X.509 certificate. The command displays information about this certificate, including:
  • Information about the server and your organization.
  • Credentials of the Certificate Authority (CA) that validated the certificate.
  • Dates for which the certificate is valid.

You must specify the full path to certfile.

--keyfile keyfile Specifies the location of a private key.

You must specify the full path to keyfile.

--checkkey Checks whether a particular private key matches the public key contained in the X.509 certificate specified in certfile.
  • If you specify both --certfile and --keyfile, the command checks that the specified private key in keyfile matches the public key in the certfile.
  • If you only specify --certfile, the command assumes that certfile contains both a certificate and a private key, and checks that that private key matches the public key in the certificate.
  • If you omit both --certfile and --keyfile, the command checks the certificate and private key installed in the /opt/tarantella/var/tsp directory.
--csrfile csrfile Specifies the location of a file containing a Certificate Signing Request. The command displays information about this CSR, including:
  • The DNS name (or chosen common name) of the server the CSR is for.
  • Your organization's name and location.

You must specify the full path to csrfile.

--full Displays more detailed information about the specified certificate or CSR -- the contents of the public keys they contain, for example.

Note The --certfile, --keyfile and --csrfile

Examples

Skip past command syntax or program codetarantella security certinfo \
  --certfile /opt/certs/newyork.cert \
  --full

Displays detailed information about the certificate in /opt/certs/newyork.cert.

Skip past command syntax or program codetarantella security certinfo \
  --certfile /opt/certs/boston.cert \
  --keyfile /opt/keys/boston.key \
  --checkkey

Displays information about the certificate in /opt/certs/boston.cert, and checks that the private key /opt/keys/boston.key matches the public key contained in that certificate.

Skip past command syntax or program codetarantella security certinfo \
  --csrfile /tmp/boston.csr

Displays information about the CSR in /tmp/boston.csr.

Related topics