Digital Certificates › General Rules › List Digital Certificate Information

List Digital Certificate Information

To list information about a digital certificate, you can identify the digital certificate through the following information:

• Certificate name or label
• Certificate serial number and issuer's distinguished name
• Certificate segment data

To list the information about a certificate, enter the following command:

TSS LIST(acid|CERTAUTH|CERTSITE) [LABLCERT('label_name')]
               [DIGICERT(name)]
               [SERIALNUM(serial_number)] 
               [ISSUERDN(issuer_distinguished_name)]
               [SEGMENT(certdata)]
               [SEGMENT(ALL)]
               [KEYRING(name)]
               [LABLRING(name)]
               [CHAIN]

For each certificate, the command displays the following information:

• Serial number
• Issuer's distinguished name
• Label
• Status
• Validity dates
• Private key size (If private key is present)
• Private key type (if private key is present) or NONE (if there is no private key)
• PKDS label (if private key is present)
• Keyrings (if private key is present)
• Keyusage
• Altname
• Subject's name as found in the certificate itself (up to 255 bytes if the SDNSIZE(255) control option is specified or up to 1024 bytes if the SDNSIZE(1024) control option is specified)
• Certificate flags

  A "GENREQ" flag specification indicates that the CERTDATA record has been the target of a GENREQ command. We recommend not using the REPLACE command to turn on this indicator. REMOVE processing and ROLLOVER (NEWLABLC or NEWDIGIC) processing will not work against certificates that have the GENREQ indicator on. You can bypass the check for GENREQ by specifying the FORCE operand of either command. You can turn off the GENREQ indicator in the following situations:

  • You specified GENREQ when REKEY was intended.
  • You specified REKEY when GENREQ was intended.

  To turn off the GENREQ indicator, specify REPLACE(acid) CERTFLAG(NOGENREQ).

  During normal processing, inserting a signed certificate over the GENREQ’d certificate turns off the GENREQ indicator.

Example: List All ACIDs and Associated Digital Certificates

This example lists all ACIDs and the digital certificates associated with them on a system:

TSS LIST(ACIDS) DIGICERT(ALL)

Example: List All ACIDs and Associated Keyrings

This example lists all ACIDs and the keyrings associated with them on a system:

TSS LIST(ACIDS) KEYRING(ALL)

Example: List Associated SEGMENT Information for an ACID

This example lists the associated SEGMENT information for a specific ACID:

TSS LIST(USER01) SEGMENT(CERTDATA)

TSS LIST(USER01) SEGMENT(RINGDATA)

TSS LIST(USER01) SEGMENT(ALL)

Example: List the Associated DIGICERT for an ACID

This example lists the associated DIGICERT for a specific ACID. The command must contain the name of the DIGICERT or KEYRING already associated with the ACID:

TSS LIST(USER01) DIGICERT(CERT001)

or

TSS LIST(USER01) KEYRING(ACCTRING)

Example: List the Digital Certificates Associated with an ACID

This example lists the digital certificates associated with an ACID. The command must contain the name of the ACID:

TSS LIST(USER01) DIGICERT(ALL)

Example: List All Keyrings Associated with an ACID

This example lists all keyrings associated with an ACID. The command must contain the name of the ACID:

TSS LIST(USER01) KEYRING(ALL)