Skip past navigation linksSecure Global Desktop 4.31 Administration Guide > Commands > The tarantella security certuse command

The tarantella security certuse command

Syntax

Skip past command syntax or program codetarantella security certuse

tarantella security certuse --certfile cfile
                           [ --keyfile kfile ]

Description

Installs an X.509 certificate (or specifies the location of a previously installed certificate) to be used by Secure Global Desktop security services.

Certificates must be Base 64-encoded PEM-format, with a header line including "BEGIN CERTIFICATE", as used by OpenSSL.

If no arguments are specified, this command reads the certificate from standard input and installs it in /opt/tarantella/var/tsp.

After installing an X.509 certificate, you must restart Secure Global Desktop using the tarantella restart command.

Argument Description
--certfile cfile Specifies the location of a file containing the certificate. If no --keyfile argument is specified, Secure Global Desktop assumes that cfile contains both the certificate and the corresponding private key.

You can use this option in two ways:

  • To tell Secure Global Desktop about a certificate you've already installed for use with another product (such as a web server). In this case, Secure Global Desktop makes symbolic links to (not copies of) the cfile (and kfile, if specified).
  • To install a certificate received from a Certificate Authority after generating a Certificate Signing Request using tarantella security certrequest. In this case, Secure Global Desktop installs the certificate in /opt/tarantella/var/tsp for use with Secure Global Desktop security services;.

You must specify the full path to cfile.

--keyfile kfile Specifies the location of a file containing the private key required to decrypt the certificate in cfile.

Use this option to tell Secure Global Desktop about a private key you've already installed. If you used the tarantella security certrequest command to generate a CSR and obtain a certificate, you won't need to use this option.

You must specify the full path to kfile.

Examples

Your circumstances are... Type this...
You used tarantella security certrequest to generate a CSR, which you sent to a Certificate Authority. The CA returned a certificate to you, which you saved in a temporary file /tmp/cert. tarantella security certuse < /tmp/cert
You already have a certificate (you didn't use tarantella security certrequest). The certificate is installed in /opt/certs/cert and the key needed to decode it is installed in /opt/keys/key. tarantella security certuse --certfile /opt/certs/cert --keyfile /opt/keys/key
You already have a certificate (you didn't use tarantella security certrequest). A single file /opt/certs/cert contains both the certificate and the key needed to decode it. tarantella security certuse --certfile /opt/certs/cert
Related topics