SunScreen SKIP User's Guide, Release 1.5.1

Options

-a [-c ca-file]

The -a (add) option places new certificates into the trusted Certificate Authority database. The ca-file is an X.509 certificate which is either self-signed or signed by an existing trusted CA in this CA database. Note: The add option does not copy over a CA certificate if it already exists in the CA database.

-e [-s ca-slot]

The extract option writes the CA certificate in the specified slot number to the standard output. If the output is redirected to a file, the file is suitable for the skipca -a command.

-i [-qo]

Prior to use, the CA database must be initialized. The init option creates the database. The init option does not delete any of the CA certificates present when issued for an existing database. Use the init option with the -o operand to forcibly reinitialize the database, destroying any existing certificates. The init option with the -q operand tells init to be as quiet as possible about initialization.

-l [-VvxL] [-s ca-slot]

The list option provides a listing of all the certificates in the CA database by slot number, Issuer, and Subject. If a slot number is specified, only the CA certificate for that slot is printed. The -L flag enables printing of the certificate validity periods. The -v flag enables a verbose display of the entire certificate. If -V is specified, the output is displayed in a machine-parseable manner. If -x is specified, the manual revocation list for that CA is displayed.

-R [-s ca-slot] [-S serialnumber]

Each CA maintains a list of certificates which have been revoked by the user. This is different from a traditional CRL as it is not distributed by the CA and is manually maintained. The revoke option allows the user to add certificates to the per-CA list of revoked certificates. ca-slot specifies which CA to operate on. The ca-slot may be obtained through the skipca -l command. serialnumber is the serial number of the certificate which you wish to revoke. Each X.509 certificate produced by a CA is numbered uniquely with a serial number, so the slot and serial number together identify a single certificate.

-U [-s ca-slot] [-S serialnumber]

The unrevoke option removes hosts from the per-CA revocation list. ca-slot and serialnumber are the same as the arguments for the revoke option.

-r [-s ca-slot]

The -r option deletes the CA certificate in the specified slot number.
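The following POSIX sh wrapper is an added example, not part of the SunScreen SKIP guide or the skipca tool itself. It strings the options documented above into one administrative workflow (initialize the database, add trusted CA files, export a slot, maintain the per-CA manual revocation list) and checks the slot and serial arguments before skipca is invoked. The assumptions it makes are that slot numbers are non-negative integers, that serial numbers are written as hexadecimal digits (decimal is a subset), and that the SKIPCA variable may point at a substitute binary for dry runs; the /path/to/root-ca.pem path is a placeholder.

```shell
#!/bin/sh
# Added example (not from the SunScreen SKIP guide): a small POSIX sh wrapper
# around skipca that strings the documented options together and validates
# arguments before the tool is invoked. SKIPCA can be overridden so the
# functions can be exercised without the real binary (assumption: the
# substitute accepts the same option syntax or simply ignores it).
SKIPCA=${SKIPCA:-skipca}

# Slot numbers are assumed to be non-negative integers (as printed by -l).
is_slot() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Serial numbers are assumed to be hexadecimal digits (decimal is a subset).
is_serial() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
        *) return 0 ;;
    esac
}

# init_ca_db [force]: create the CA database with -i. The word "force" maps
# to -o, which destroys every certificate already present, so it is opt-in.
init_ca_db() {
    if [ "$1" = force ]; then
        "$SKIPCA" -i -o -q
    else
        "$SKIPCA" -i -q
    fi
}

# add_trusted_ca FILE...: add each X.509 file with -a. Because skipca leaves
# an already-present CA untouched, rerunning this on the same files is safe.
add_trusted_ca() {
    for f in "$@"; do
        [ -r "$f" ] || return 2
        "$SKIPCA" -a -c "$f" || return 1
    done
}

# export_ca SLOT OUTFILE: write the certificate in SLOT with -e; the output
# file is in the form skipca -a expects on another host.
export_ca() {
    is_slot "$1" || return 2
    "$SKIPCA" -e -s "$1" > "$2"
}

# revoke_cert SLOT SERIAL / unrevoke_cert SLOT SERIAL: edit the per-CA manual
# revocation list. Both arguments are checked before -R / -U is run, and a
# bad argument returns 2 without touching the database.
revoke_cert() {
    is_slot "$1" && is_serial "$2" || return 2
    "$SKIPCA" -R -s "$1" -S "$2"
}
unrevoke_cert() {
    is_slot "$1" && is_serial "$2" || return 2
    "$SKIPCA" -U -s "$1" -S "$2"
}

# show_revocations SLOT: list one CA slot with validity periods (-L) and its
# manual revocation list (-x).
show_revocations() {
    is_slot "$1" || return 2
    "$SKIPCA" -l -x -L -s "$1"
}

# Typical session, run only when invoked as "script demo" with skipca present.
if [ "${1:-}" = demo ] && command -v "$SKIPCA" >/dev/null 2>&1; then
    init_ca_db
    add_trusted_ca /path/to/root-ca.pem   # placeholder path
    "$SKIPCA" -l -V                       # machine-parseable listing
    show_revocations 0
fi
```

Revocation changes made this way are local to the host's CA database, as the guide notes, so the same revoke_cert call has to be repeated on every SKIP host that trusts that CA; the argument checks exist because a mistyped slot would otherwise edit the revocation list of a different CA.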