HEX
Server: Apache/2.4.34 (Red Hat) OpenSSL/1.0.2k-fips
System: Linux WORDPRESS 3.10.0-1160.118.1.el7.x86_64 #1 SMP Thu Apr 4 03:33:23 EDT 2024 x86_64
User: digital (1020)
PHP: 7.2.24
Disabled: NONE
$ pwd: /opt/OV/man/man1/
Upload Files
File: //opt/OV/man/man1/ovcert.1M
.\"Generated by nroff_template.wdt (12-Sep-06). Do NOT edit this output file. Instead, edit the source FM+SGML file.
.de Sh \" Subsection
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Ip \" List item
.br
.ie \\n(.$>=3 .ne \\$3
.el .ne 3
.IP "\\$1" \\$2
..
.TH ovcert "" "" ""
.ds )H Hewlett-Packard Company
.ds ]L
.ds ]W June 2007
.SH NAME
ovcert - Manages certificates with the Certificate Client on an HTTPS-based node.
.SH "SYNOPSIS"

.PP
ovcert -h|-help 

.PP
ovcert -importcert -file <\fIfile\fR> [-pass \fI<passphrase>\fR] [-ovrg \fI<ov_resource_group>\fR]  

.PP
ovcert -exportcert -file <\fIfile\fR> [-alias <\fIalias\fR>] [-pass \fI<passphrase>\fR] [-ovrg \fI<ov_resource_group>\fR] 

.PP
ovcert -importtrusted -file <\fIfile\fR> [-ovrg \fI<ov_resource_group>\fR] 

.PP
ovcert -exporttrusted -file <\fIfile\fR> [-alias <\fIalias\fR>] [-ovrg \fI<ov_resource_group>\fR] 

.PP
ovcert -certreq [-instkey \fI<file>\fR [-pass \fI<passphrase>\fR]] 

.PP
ovcert -list [-ovrg \fI<ov_resource_group>\fR] 

.PP
ovcert -remove \fI<alias>\fR [-f] [-ovrg \fI<ov_resource_group>\fR] 

.PP
ovcert -certinfo \fI<alias>\fR [-ovrg \fI<ov_resource_group>\fR] 

.PP
ovcert -check 

.PP
ovcert -status 

.PP
ovcert -updatetrusted 

.PP
ovcert -version 

.SH "DESCRIPTION"

.LP
The ovcert command is used to manage certificates with the Certificate Client on an HTTPS-based node. You can execute tasks such as initiating a new certificate request to the Certificate Server, adding node certificates and importing the private keys, and adding certificates to the trusted root certificates.

.Sh "Parameters"

.LP
The ovcert command incorporates the following options:

.TP
-h|-help

Displays usage help for the ovcert command options.

.TP
-importcert -file \fI<file>\fR [-pass \fI<passphrase>\fR] [-ovrg \fI<ov_resource_group>\fR]

Adds the certificate located in the file \fI<file>\fR (in \fIPKCS12\fR format) as node certificate and imports the private key which must be located in the same file as the private key for the node. The pass phrase for protecting the exported data using encryption specified during creation of the data to import must be specified as parameter \fI<passphrase>\fR.

The optional \fI<ov_resource_group>\fR parameter can be specified to import an additional certificate on an HA system. As a result, the specified certificate will not be imported to the default location but to the HA default location for the specified package on the shared disk.

.TP
-exportcert -file \fI<file>\fR [-alias \fI<alias>\fR] [-pass \fI<passphrase>\fR] [-ovrg \fI<ov_resource_group>\fR] 

Exports the currently installed node certificate together with its private key to the file system location specified as parameter \fI<file>\fR (in \fIPKCS12\fR format). The pass phrase for protecting the exported data using encryption specified during creation of the data to import must be specified as parameter \fI<passphrase>\fR.

The optional \fI<ov_resource_group>\fR parameter can be specified to export an additional certificate on an HA system. As a result, not the default node certificate but the certificate installed for the specified HA package from the shared disk will be exported.

.TP
-importtrusted -file \fI<file>\fR [-ovrg \fI<ov_resource_group>\fR] 

Adds the certificate located in the specified file (in PEM format) to the trusted root certificates.

The optional \fI<ov_resource_group>\fR parameter can be specified to import an additional root certificate on an HA system. As a result, the specified root certificates will not be imported to the default location but to the HA default location for the specified package on the shared disk.

.TP
-exporttrusted -file \fI<file>\fR [-alias \fI<alias>\fR] [-ovrg \fI<ov_resource_group>\fR 

Exports the trusted certificate to the file system location specified as parameter \fI<file>\fR (in PEM format). The pass phrase for protecting the exported data using encryption specified during creation of the data to import must be specified as parameter \fI<passphrase>\fR.

The optional \fI<ov_resource_group>\fR parameter can be specified to export an additional certificate on an HA system. As a result, not the default node certificate but the certificate installed for the specified HA package from the shared disk will be exported.

.TP
-certreq [-instkey \fI<file>\fR [-pass \fI<passphrase>\fR]]

Initiates a new certificate request that is sent to the Certificate Server.

The optional parameters \fI<file>\fR and \fI<passphrase>\fR can be used to initiate a certificate request that will be based on the installation key that is contained in the specified file. Such an installation key file can be generated with the ovcm tool on the certificate server. 

The installation key can be used to authenticate the node on the certificate server. Therefore, such a request may be granted automatically without human interaction.

.TP
-list [-ovrg \fI<ov_resource_group>\fR]

Displays the aliases of the installed certificates andtrusted certificates.

.TP
-certinfo \fI<alias>\fR [-ovrg \fI<ov_resource_group>\fR]

Displays information such as serial number, issuer, subject, and fingerprint for the certificate specified by \fI<alias>\fR.

.TP
-remove \fI<alias>\fR [-ovrg \fI<ov_resource_group>\fR]

Removes the certificate specified by \fI<alias>\fR.

.TP
-check

Checks whether all prerequisites for SSL communication are fulfilled, such as assigned OvCoreId, installed and valid certificate and private key, and installed and valid trusted certificate.

On completion, the components checked and their status along with the final result are displayed.

.TP
-status

Contacts the Certificate Client and displays the current certificate status, which can one of the following possible values: 

- certificate installed

- no certificate

- pending certificate request

- certificate request denied

- undefined (if Certificate Client can not be contacted)

.TP
-updatetrusted

Retrieves the currently trusted certificates from the Certificate Server and installs them as trusted certificates on the node.

.TP
-version

Returns the version of the tool (the component version).

.SH "AUTHOR"

.LP
ovcert was developed by Hewlett-Packard Company.

.SH "EXIT STATUS"

.LP
The following exit values are returned:

.TP
0

All steps were successful.

.TP
1

One or more steps were not successful.

.LP
Corresponding error messages are written to stderror.

.SH "EXAMPLES"

.LP
The following examples show how to use the ovcert command:

.TP 3
\(bu 
To import the certificate, private key, and trusted certificates located in the file <\fIfile\fR> to the system's key store:

ovcert -importcert -file \fI<file>\fR

.TP
\(bu 
To add the certificate(s) located in <\fIfile\fR> to the trusted certificates:

ovcert -importtrusted -file \fI<file>\fR
.LP
@ Telegram