D.88. tarantella security customca

Installs or removes a root certificate for a custom CA for use with SGD security services.

Syntax

tarantella security customca
tarantella security customca --rootfile carootfile | --remove

Description

CA certificates must be Base 64-encoded PEM-format, with a header line including "BEGIN CERTIFICATE", as used by OpenSSL.

If no arguments are specified, this command reads the root certificate from standard input.

The following table shows the available options for this command.

Option

Description

--rootfile

Specifies the location of a file containing the CA's root certificate. Details are copied to /opt/tarantella/var/tsp for use by SGD security services.

You must specify the full path to the root certificate file. The path must be readable by the ttasys user.

--remove

Removes any custom CA's root certificate currently installed for use with SGD security services.

This command also imports the CA certificate into the CA certificate truststore for the SGD server. This is the /opt/tarantella/bin/jre/lib/security/cacerts file.

Examples

The following example installs a CA's root certificate from the file/tmp/rootcert, which you can then delete.

# tarantella security customca --rootfile /tmp/rootcert