D.88. tarantella security customca

Installs or removes a root certificate for a custom CA for use with SGD security services.


tarantella security customca
tarantella security customca --rootfile carootfile | --remove


CA certificates must be Base 64-encoded PEM-format, with a header line including "BEGIN CERTIFICATE", as used by OpenSSL.

If no arguments are specified, this command reads the root certificate from standard input.

The following table shows the available options for this command.




Specifies the location of a file containing the CA's root certificate. Details are copied to /opt/tarantella/var/tsp for use by SGD security services.

You must specify the full path to the root certificate file. The path must be readable by the ttasys user.


Removes any custom CA's root certificate currently installed for use with SGD security services.

This command also imports the CA certificate into the CA certificate truststore for the SGD server. This is the /opt/tarantella/bin/jre/lib/security/cacerts file.


The following example installs a CA's root certificate from the file/tmp/rootcert, which you can then delete.

# tarantella security customca --rootfile /tmp/rootcert