D.87. tarantella security certuse

Installs a server SSL certificate, or specifies the location of a previously installed SSL certificate, to be used by SGD security services.

Syntax

tarantella security certuse
tarantella security certuse --certfile cfile [ --keyfile kfile ]

Description

SSL certificates must be Base 64-encoded Privacy Enhanced Mail (PEM) format, with a header line including "BEGIN CERTIFICATE", as used by OpenSSL.

If no arguments are specified, this command reads the SSL certificate from standard input and installs it in /opt/tarantella/var/tsp.

After installing an SSL certificate, you must restart SGD using the tarantella restart command.

The following table shows the available options for this command.

Option

Description

--certfile

Specifies the location of a file containing the SSL certificate. If no --keyfile argument is specified, SGD assumes that the Section D.86, “tarantella security certrequest” command was used to generate the private key.

You can use this option as follows:

  • To tell SGD about an SSL certificate you have already installed for use with another product, such as a web server. In this case, SGD makes symbolic links to, not copies of, the SSL certificate file and key file, if specified.

  • To install an SSL certificate received from a CA after generating a CSR using Section D.86, “tarantella security certrequest”. In this case, SGD installs the SSL certificate in /opt/tarantella/var/tsp for use with SGD security services.

You must specify the full path to the SSL certificate file. The path must be readable by the ttasys user.

--keyfile

Specifies the location of a file containing the private key for the SSL certificate specified by --certfile.

Use this option to tell SGD about a private key you have already. If you used the Section D.86, “tarantella security certrequest” command to generate a CSR and obtain an SSL certificate, you do not need to use this option.

You must specify the full path to the key file. The path must be readable by the ttasys user.

Examples

The following command installs an SSL certificate, which is saved in a temporary file /tmp/cert, and uses the private key generated when the Section D.86, “tarantella security certrequest” command was used to generate the CSR:

# tarantella security certuse < /tmp/cert

The following command installs an SSL certificate, which is stored in /opt/certs/cert, and a private key, which is stored in /opt/keys/key. The Section D.86, “tarantella security certrequest” command was not used to generate the CSR.

# tarantella security certuse \
--certfile /opt/certs/cert \
--keyfile /opt/keys/key