D.85. tarantella security certinfo

Displays information about an installed SSL certificate (--certfile) or a Certificate Signing Request (--csrfile).

Syntax

tarantella security certinfo
                           [ --certfile certfile [ --keyfile keyfile ] ]
                           [ --full ]
tarantella security certinfo --csrfile csrfile [ --full ]

Description

This command can also check whether a specified private key matches the public key in a particular SSL certificate. In other words, the public key can decrypt text encrypted with the private key.

Use the first form of this command without specifying a certfile and keyfile to check the key and SSL certificate installed using the Section D.87, “tarantella security certuse” command.

The following table shows the available options for this command.

Option

Description

--certfile

Specifies the location of a file containing a server SSL certificate. The command displays information about this certificate, including the following:

  • Information about the server and your organization.

  • Alternative DNS names for the server.

  • Credentials of the CA that validated the server SSL certificate.

  • Dates for which the SSL certificate is valid.

If you omit --certfile, the command displays information about the SSL certificate and key installed in the /opt/tarantella/var/tsp directory.

You must specify the full path to the SSL certificate file. The path must be readable by the ttasys user.

--keyfile

Specifies the location of a private key. The command checks whether a private key matches the public key contained in the SSL certificate file.

You must specify the full path to the key file. The path must be readable by the ttasys user.

--csrfile

Specifies the location of a file containing a CSR. The command displays information about this CSR, including the following:

  • The DNS name, or chosen common name, of the server the CSR is for.

  • Alternative DNS names for the server.

  • Your organization's name and location.

You must specify the full path to the CSR file. The path must be readable by the ttasys user.

--full

Displays more detailed information about the specified SSL certificate or CSR, for example, the contents of the public keys they contain.

Examples

The following example displays detailed information about the SSL certificate in the /opt/certs/newyork.cert file.

# tarantella security certinfo \
--certfile /opt/certs/newyork.cert \
--full

The following example displays information about the SSL certificate in /opt/certs/boston.cert, and checks that the private key /opt/keys/boston.key matches the public key contained in that SSL certificate.

# tarantella security certinfo \
--certfile /opt/certs/boston.cert \
--keyfile /opt/keys/boston.key

The following example displays information about the CSR in /tmp/boston.csr.

# tarantella security certinfo \
--csrfile /tmp/boston.csr