

Determine Certificate Associations

You can check to see who has a certificate in a specified data set. The CHKCERT command determines whether the digital certificate in the specified data set has been added to the CA Top Secret security file and associated with an ACID.

Note: The CHKCERT command is the only way to display the ALTNAME parameter for a certificate. Only one domain name is displayed, even though multiple domain names exist.

To determine the association details of a certificate, enter the following command:

TSS CHKCERT DCDSN(request_dataset_name)
            PKCSPASS(pkcs12_password)
            DUMP
            CHAIN

DCDSN(request_dataset_name)

Specifies the name of an optional data set that contains the PKCS#12 certificate request data. The request data set name can be the output from a TSS GENREQ command. The request data contains the user's generated public key and X.509 distinguished name. The request data must be signed, DER-encoded, and then Base64-encoded according to the PKCS#12 standard.

PKCSPASS

Specifies a case-sensitive PKCS#12 password that can contain blanks.

Range: Up to 255 characters

DUMP

(Optional) Displays the contents of the user certificate in hexadecimal format.

CHAIN

Displays information for each certificate in the chain of the input data set and displays the following summary information as applicable:

Important! Passwords associated with PKCS#12 certificates are not viewable. It is the CA Top Secret administrator's responsibility to keep track of the PKCS#12 password that is assigned to the digital certificate.

Example: Display Certificate Associations

This example uses the DCDSN keyword to specify a certificate package:

TSS CHKCERT DCDSN(reipa02.user2.cert2)

The product reviews each certificate in the package. If a certificate is in the database, the product lists the user and ID to which the certificate is defined.
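The DCDSN description above requires the request data to be DER-encoded PKCS#12 that is then Base64-encoded. As an added pre-check that is not part of the CA Top Secret documentation or product, the Python script below (standard library only) verifies that a downloaded copy of the data set is Base64 text wrapping a DER PFX structure, and rejects PEM or bare X.509 input, before the data set is handed to CHKCERT. It assumes the data set has already been transferred to the workstation as ASCII text; the sample package it builds is constructed and is not a real certificate, and no password is needed for this outer-structure check.

```python
import base64
import binascii
import re

def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER tag-length-value element (short or long length form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value

def der_read_tlv(buf: bytes, pos: int = 0):
    """Decode the DER element at pos; return (tag, value, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        nbytes = length & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def check_pkcs12_dataset(text: str) -> dict:
    """Check that text is Base64 wrapping a DER PFX, i.e. PKCS#12:
    PFX ::= SEQUENCE { version INTEGER(3), authSafe SEQUENCE, macData SEQUENCE OPTIONAL }."""
    try:
        der = base64.b64decode(re.sub(r"\s+", "", text), validate=True)
    except binascii.Error as exc:  # PEM headers or binary DER fail here
        raise ValueError(f"data set is not Base64 text: {exc}") from exc
    tag, pfx, _ = der_read_tlv(der)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE, so not a PFX")
    vtag, ver, pos = der_read_tlv(pfx)
    if vtag != 0x02 or ver != b"\x03":
        raise ValueError("PFX version is not 3 (bare X.509 certificate?)")
    atag, _, pos = der_read_tlv(pfx, pos)
    if atag != 0x30:
        raise ValueError("authSafe is not a ContentInfo SEQUENCE")
    return {"der_bytes": len(der), "version": 3, "mac_protected": pos < len(pfx)}

# Constructed sample: a PFX-shaped shell (id-data ContentInfo plus dummy macData), not a real package.
_ID_DATA = bytes.fromhex("06092a864886f70d010701")
_AUTH_SAFE = der_tlv(0x30, _ID_DATA + der_tlv(0xA0, der_tlv(0x04, b"\x30\x00")))
_MAC_DATA = der_tlv(0x30, der_tlv(0x30, b"") + der_tlv(0x04, bytes(8)))
SAMPLE_PFX_B64 = base64.encodebytes(der_tlv(0x30, der_tlv(0x02, b"\x03") + _AUTH_SAFE + _MAC_DATA)).decode()

if __name__ == "__main__":
    print(check_pkcs12_dataset(SAMPLE_PFX_B64))
```

A data set still in EBCDIC must be converted to text (for example with `codecs.decode(raw, "cp037")`) before it is passed to the check.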