Secure Global Desktop 4.31 Administration Guide > Commands > The tarantella security certinfo command

The tarantella security certinfo command

Syntax

tarantella security certinfo  [ --certfile certfile [ --keyfile keyfile ] ]
                              [ --checkkey ] [ --full ]

tarantella security certinfo --csrfile csrfile [ --full ]

Description

Displays information about an installed X.509 certificate (first form) or a Certificate Signing Request (second form).

This command can also check whether a specified private key matches the public key (that is, the public key can decrypt text encrypted with the private key) in a particular certificate.

Use the first form of this command without specifying a certfile and keyfile to check keys and certificates you've already installed using the tarantella security certuse command.

Argument	Description
`--certfile certfile`	Specifies the location of a file containing an X.509 certificate. The command displays information about this certificate, including: Information about the server and your organization. Credentials of the Certificate Authority (CA) that validated the certificate. Dates for which the certificate is valid. You must specify the full path to `certfile`.
`--keyfile keyfile`	Specifies the location of a private key. You must specify the full path to `keyfile`.
`--checkkey`	Checks whether a particular private key matches the public key contained in the X.509 certificate specified in `certfile`. If you specify both `--certfile` and `--keyfile`, the command checks that the specified private key in `keyfile` matches the public key in the `certfile`. If you only specify `--certfile`, the command assumes that `certfile` contains both a certificate and a private key, and checks that that private key matches the public key in the certificate. If you omit both `--certfile` and `--keyfile`, the command checks the certificate and private key installed in the `/opt/tarantella/var/tsp` directory.
`--csrfile csrfile`	Specifies the location of a file containing a Certificate Signing Request. The command displays information about this CSR, including: The DNS name (or chosen common name) of the server the CSR is for. Your organization's name and location. You must specify the full path to `csrfile`.
`--full`	Displays more detailed information about the specified certificate or CSR -- the contents of the public keys they contain, for example.

Note The --certfile, --keyfile and --csrfile

Examples

tarantella security certinfo \
  --certfile /opt/certs/newyork.cert \
  --full

Displays detailed information about the certificate in /opt/certs/newyork.cert.

tarantella security certinfo \
  --certfile /opt/certs/boston.cert \
  --keyfile /opt/keys/boston.key \
  --checkkey

Displays information about the certificate in /opt/certs/boston.cert, and checks that the private key /opt/keys/boston.key matches the public key contained in that certificate.

tarantella security certinfo \
  --csrfile /tmp/boston.csr

Displays information about the CSR in /tmp/boston.csr.

Related topics
Obtaining and installing an X.509 certificate What are X.509 certificates and why do I need one?