.\" $Header: /cvs/MSB/pegasus/rpm/manLinux/man1m.Z/cimtrust.1m,v 1.1 2006/08/15 19:46:34 Sushma Exp $
.TA c \" lowercase initial letter of .TH name
.TH cimtrust 1M
.SH NAME
cimtrust \- Add, remove or list X509 certificates in a PEM format trust store.
.SH SYNOPSIS

.B cimtrust
-a [ -U certuser ] -f file -T ( a | e | s )

.B cimtrust
-r -i issuer ( -n serialnumber | -S subject )

.B cimtrust
-l [ -i issuer [ -n serialnumber | -S subject ] ]

.B cimtrust
--help

.B cimtrust
--version

.SS Remarks
The cimtrust command requires that the cimserver is running. This command operates on a truststore on the local system only.

.SH DESCRIPTION
The add option of the cimtrust command adds an X509 certificate \fIfile\fP
of a specified \fItype\fP to the truststore. The \fIcertuser\fP specifies
the username to be associated with the certificate in the file.
If no \fIcertuser\fP is specified, the certificate may not be used
to authenticate a user.
.PP
The remove option of the cimtrust command removes the X509 certificate(s)
matching the specified
.B issuer
and either
.B serialnumber
or
.B subject
from the truststore.
.PP
The list option of the cimtrust command lists the X509 certificates
in the truststore. The list can be filtered by
.B issuer
and either
.B serialnumber
or
.BR subject .
.PP
Certificates in the trust store may be revoked by adding a
Certificate Revocation List to the CRL store. For more information
on CRL operations see the
.BR cimcrl (1m)
command.
.SS Options
.B cimtrust
recognizes the following options:
.RS
.TP 15
.B -a
Adds a certificate to the truststore. If the specified
.B file
does not contain a valid X509 certificate, an error message is returned
and no action is taken. If the X509 certificate already exists
in the truststore, an error message is returned.
.TP
.B -r
Removes certificate(s) from the truststore. If the truststore contains
multiple certificates matching the specified
.B issuer
and
.BR subject ,
all the matching certificates are removed. If no certificate exists for
the specified
.B issuer
and either
.B serialnumber
or
.BR subject ,
an error message is returned and no action is taken.
.TP
.B -l
Displays the X509 certificates in the truststore.
.TP
.B -f file
Specifies a PEM format file containing an X509 certificate.
.TP
.B -U certuser
Specifies a username to be associated with the specified certificate.
The username specified should be a valid system user on the target system.
.TP
.B -i issuer
Specifies the issuer name of the certificate.
.TP
.B -n serialnumber
Specifies the serial number of the certificate.
.TP
.B -S subject
Specifies the subject name of the certificate.
.TP
.B -T ( a | e | s )
Specifies the type of a certificate. The type must be one of the following:

authority (a): root/intermediate authority certificates. Certificates of this type are added to the trusted certificate store. The certuser is optional for authority certificates. If no certuser is specified, the certificate may not be used to authenticate a user.

authority issued end-entity (e): Certificates of this type are not added to the trusted certificate store. The certuser is required for authority issued end-entity certificates.

Self-signed identity certificate (s): Certificates of this type are not added to the trusted certificate store. The certuser is required for self-signed identity certificates.
.TP
.B --help
Displays the command help message.
.TP
.B --version
Displays the CIM Server version.
.RE
.SH EXIT STATUS
When an error occurs, an error message is written to the standard error
stream and a non-zero exit status value is returned. The following exit
status values are defined:
.RS
.TP
.B 0
Success
.PD
.TP
.B 1
General error
.PD
.TP
.B 2
Connection failed
.PD
.TP
.B 3
Connection timed out
.PD
.TP
.B 4
Certificate already exists
.PD
.TP
.B 5
Certificate does not exist
.PD
.TP
.B 6
Invalid system user
.PD
.RE
.SH EXAMPLES
Add the X509 self-signed identity certificate in the cert.pem file and
associate it with certuser guest. This certificate will be added to the
trusted certificate store:

cimtrust -a -U guest -f cert.pem -T s

Add the X509 authority root CA certificate in the ca.pem file with no certuser
association. This certificate will be added to the trusted certificate store but
may not be used to authenticate a user:

cimtrust -a -f ca.pem -T a

Add the X509 authority issued end-entity certificate in the user.pem file and
associate it with certuser pegasus. This certificate may be used to authenticate
user pegasus but will not be added to the trusted certificate store:

cimtrust -a -f user.pem -U pegasus -T e

Remove the certificate matching the specified issuer and serialnumber from
the trust store:

cimtrust -r -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com" -n 01

Remove the certificate(s) matching the specified issuer and subject from the trust store:

cimtrust -r -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com" -S "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com"

List all the X509 certificates in the trust store:

cimtrust -l

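An idempotent wrapper for the add operation, given here as an added example that is not part of the original man page or the project's code: it enforces the certuser rule for types e and s before calling cimtrust and treats exit status 4 as success. The CIMTRUST override, the trust_add name and the pre-flight status 64 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not project code): idempotent wrapper around "cimtrust -a".
# CIMTRUST is an assumed override so the wrapper can be pointed at a stub.
CIMTRUST=${CIMTRUST:-cimtrust}

# trust_add TYPE FILE [CERTUSER]
# Returns 0 if the certificate is in place afterwards, 64 (assumed value,
# outside cimtrust's 0-6 range) for errors caught before cimtrust runs,
# otherwise the exit status cimtrust itself returned.
trust_add() {
    ctype=$1 file=$2 user=${3:-}
    case $ctype in
        a) ;;                        # certuser is optional for authority
        e|s) [ -n "$user" ] || {     # certuser is required for e and s
                 echo "type $ctype requires a certuser" >&2; return 64; } ;;
        *) echo "type must be a, e or s" >&2; return 64 ;;
    esac
    # Cheap pre-flight check; cimtrust still does the real X509 validation.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$file" 2>/dev/null || {
        echo "$file: no PEM certificate found" >&2; return 64; }

    set -- -a -f "$file" -T "$ctype"
    if [ -n "$user" ]; then set -- "$@" -U "$user"; fi

    st=0
    "$CIMTRUST" "$@" || st=$?
    case $st in
        0) return 0 ;;
        4) echo "certificate already exists, nothing to do" >&2; return 0 ;;
        2|3) echo "cimserver not reachable (status $st)" >&2 ;;
        6) echo "certuser '$user' is not a valid system user" >&2 ;;
        *) echo "cimtrust failed (status $st)" >&2 ;;
    esac
    return "$st"
}
```

Called as trust_add a ca.pem from a provisioning script, a second run against an already populated truststore succeeds, while statuses 2, 3 and 6 still stop the run.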
.SH SEE ALSO
.PP
cimserver(8), cimcrl(1m), cimconfig(1m).