cimtrust(8)                 System Manager's Manual                cimtrust(8)

NAME

       cimtrust - Add, remove or list X509 certificates in a PEM format trust
       store.

SYNOPSIS

       cimtrust -a [ -U certuser ] -f file -T ( a | e | s )

       cimtrust -r -i issuer ( -n serialnumber | -S subject )

       cimtrust -l [ -i issuer [ -n serialnumber | -S subject ] ]

       cimtrust --help

       cimtrust --version

   Remarks
       The cimtrust command requires that the cimserver is running. This
       command operates on a truststore on the local system only.

DESCRIPTION

       The add option of the cimtrust command adds an X509 certificate file of
       a specified type to the truststore. The certuser specifies the username
       to be associated with the certificate in the file. If no certuser is
       specified, the certificate may not be used to authenticate a user.

       The remove option of the cimtrust command removes the X509
       certificate(s) matching the specified issuer and either serialnumber or
       subject from the truststore.

       The list option of the cimtrust command lists the X509 certificates in
       the truststore. The list can be filtered by issuer and either
       serialnumber or subject.

       Certificates in the trust store may be revoked by adding a Certificate
       Revocation List to the CRL store. For more information on CRL
       operations see the cimcrl(8) command.

   Options
       cimtrust recognizes the following options:

              -a             Adds a certificate to the truststore. If the
                             specified file does not contain a valid X509
                             certificate an error message is returned and no
                             action is taken. If the X509 certificate already
                             exists in the truststore, an error message is
                             returned.

              -r             Removes certificate(s) from the truststore. If
                             the truststore contains multiple certificates
                             matching the specified issuer and subject, all
                             the matching certificates are removed. If no
                             certificate exists for the specified issuer and
                             either serialnumber or subject, an error message
                             is returned and no action is taken.

              -l             Displays the X509 certificates in the truststore.

              -f file        Specifies a PEM format file containing an X509
                             certificate.

              -U certuser    Specifies a username to be associated with the
                             specified certificate. The username specified
                             should be a valid system user on the target
                             system.

              -i issuer      Specifies the issuer name of the certificate.

              -n serialnumber
                             Specifies the serial number of the certificate.

              -S subject     Specifies the subject name of the certificate.

              -T ( a | e | s )
                             Specifies the type of a certificate. The type
                             must be one of the following:

                             authority (a): root/intermediate authority
                             certificates. Certificates of this type are added
                             to the trusted certificate store. The certuser is
                             optional for authority certificates. If no
                             certuser is specified, the certificate may not be
                             used to authenticate a user.

                             authority issued end-entity (e): Certificates of
                             this type are not added to the trusted
                             certificate store. The certuser is required for
                             authority issued end-entity certificates.

                             Self-signed identity certificate (s):
                             Certificates of this type are added to the
                             trusted certificate store. The certuser is
                             required for self-signed identity certificates.

              --help         Displays the command help message.

              --version      Displays the CIM Server version.

EXIT STATUS

       When an error occurs, an error message is written to the standard error
       stream and a non-zero exit status value is returned. The following exit
       status values are defined:

              0      Success

              1      General error

              2      Connection failed

              3      Connection timed out

              4      Certificate already exists

              5      Certificate does not exist

              6      Invalid system user

EXAMPLES

       Add the X509 self-signed identity certificate in the cert.pem file and
       associate it to certuser guest. This certificate will be added to the
       trusted certificate store:

       cimtrust -a -U guest -f cert.pem -T s

       Add the X509 authority root CA certificate in the ca.pem file with no
       certuser association. This certificate will be added to the trusted
       certificate store but may not be used to authenticate a user:

       cimtrust -a -f ca.pem -T a

       Add the X509 authority issued end-entity certificate in the user.pem
       file and associate it to certuser pegasus. This certificate may be used
       to authenticate user pegasus but will not be added to the trusted
       certificate store:

       cimtrust -a -f user.pem -U pegasus -T e

       Remove the certificate matching the specified issuer and serialnumber
       from the trust store:

       cimtrust -r -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com" -n 01

       Remove the certificate(s) matching the specified issuer and subject
       from the trust store:

       cimtrust -r -i "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com" -S "/C=US/ST=California/L=Cupertino/O=Smart & Secure/OU=Secure Software Division/CN=dev.admin.ss.com"

       List all the X509 certificates in the trust store:

       cimtrust -l
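
       The following is an added example, not part of this manual page or of
       the cimtrust distribution: a POSIX shell wrapper that applies the -T
       and -U rules and the exit status values documented above around a
       cimtrust -a call. The function names are hypothetical, and the script
       assumes that openssl(1) and id(1) are installed.

```shell
# Added example (hypothetical function names); assumes openssl(1) and id(1).

# Check the -T / -U combination documented under Options.
check_add_args() {
    ctype=$1 certuser=$2
    case $ctype in
        a) ;;   # authority: certuser optional
        e|s)    # end-entity / self-signed: certuser required
            if [ -z "$certuser" ]; then
                echo "type '$ctype' requires -U certuser" >&2; return 1
            fi ;;
        *)  echo "type must be a, e or s" >&2; return 1 ;;
    esac
    # Catch what cimtrust would report as exit status 6 before calling it.
    if [ -n "$certuser" ] && ! id "$certuser" >/dev/null 2>&1; then
        echo "'$certuser' is not a valid system user" >&2; return 1
    fi
    return 0
}

# Map the documented exit status values to text for logging.
status_text() {
    case $1 in
        0) echo "Success" ;;
        1) echo "General error" ;;
        2) echo "Connection failed" ;;
        3) echo "Connection timed out" ;;
        4) echo "Certificate already exists" ;;
        5) echo "Certificate does not exist" ;;
        6) echo "Invalid system user" ;;
        *) echo "Undocumented exit status $1" ;;
    esac
}

# Usage: safe_cimtrust_add file type [certuser]
safe_cimtrust_add() {
    file=$1 ctype=$2 certuser=${3:-}
    check_add_args "$ctype" "$certuser" || return 1
    # Refuse input that does not parse as a PEM X509 certificate.
    openssl x509 -in "$file" -noout 2>/dev/null ||
        { echo "not a PEM X509 certificate: $file" >&2; return 1; }
    rc=0
    if [ -n "$certuser" ]; then
        cimtrust -a -U "$certuser" -f "$file" -T "$ctype" || rc=$?
    else
        cimtrust -a -f "$file" -T "$ctype" || rc=$?
    fi
    echo "cimtrust -a $file: $(status_text "$rc")" >&2
    return "$rc"
}
```

       Calling safe_cimtrust_add ca.pem a adds an authority certificate with
       no user mapping; types e and s are rejected unless a certuser is given.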

SEE ALSO

       cimserver(8), cimcrl(8), cimconfig(8).

                                                                   cimtrust(8)