
security certificate truststore check


Initiate a TLS connection and identify the root CA certificate

Availability: This command is available to cluster and Vserver administrators at the advanced privilege level.

Description

This command allows the user to check if the node can use the installed set of CA certificates to establish a secure connection with the specified server. If the connection attempt fails, the system reports which expected certificates are missing. If the attempt succeeds, the system displays details of the certificates used.

Parameters

-vserver <Vserver Name> - Vserver Name (privilege: advanced)

Use this parameter to specify the Vserver that needs the connectivity check.

-server <Hostname and Port> - Server Name (privilege: advanced)

Use this parameter to specify the server to establish a connection with and look up the required CA certificate.

Examples

The following example demonstrates a missing CA certificate:

cluster1::*> security certificate truststore check -vserver cluster1 -server example.com:443

Error: command failed: Missing certificate with subject name: "CN = ExampleRoot, C = US"

The following example demonstrates the required certificate being present:

cluster1::*> security certificate truststore check -server example.com:443

CA certificate with cert-name "ExampleRoot" is already installed in the truststore. Use "security certificate show -cert-name ExampleRoot" to see the details of the CA certificate.
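
When the check is run against several servers, a saved session transcript can be summarized to list which root CAs still need installing. The following is an added example, not NetApp code: it assumes the output always takes one of the two message shapes shown above, the function names are hypothetical, and the subject-name split on commas is a simplification.

```python
import re

# Constructed transcript built from the two examples on this page.
SAMPLE = '''\
cluster1::*> security certificate truststore check -vserver cluster1 -server example.com:443

Error: command failed: Missing certificate with subject name: "CN = ExampleRoot, C = US"

cluster1::*> security certificate truststore check -server example.com:443

CA certificate with cert-name "ExampleRoot" is already installed in the truststore.
'''

CMD = re.compile(r'^\S+::\*?> security certificate truststore check\b(?P<args>.*)$')
ARG = re.compile(r'-(vserver|server)\s+(\S+)')
MISSING = re.compile(r'Missing certificate with subject name: "([^"]+)"')
PRESENT = re.compile(r'CA certificate with cert-name "([^"]+)" is already installed')

def parse_dn(dn):
    """Split 'CN = X, C = Y' into a dict (assumes no commas inside values)."""
    return dict(part.strip().split(" = ", 1) for part in dn.split(","))

def parse_checks(transcript):
    """Return one record per 'truststore check' invocation in the transcript."""
    results, current = [], None
    for line in transcript.splitlines():
        m = CMD.match(line.strip())
        if m:
            current = {"vserver": None, "server": None,
                       "status": "unknown", "detail": None}
            current.update(ARG.findall(m.group("args")))
            results.append(current)
        elif current is not None:
            if (m := MISSING.search(line)):
                current.update(status="missing", detail=parse_dn(m.group(1)))
            elif (m := PRESENT.search(line)):
                current.update(status="installed", detail=m.group(1))
    return results

def missing_roots(results):
    """Unique (server, CA common name) pairs that failed the check."""
    return sorted({(r["server"], r["detail"].get("CN"))
                   for r in results if r["status"] == "missing"})

if __name__ == "__main__":
    for server, cn in missing_roots(parse_checks(SAMPLE)):
        print(f"{server}: install root CA {cn!r}")
```

Records left with status "unknown" mean the output did not match either message and should be reviewed by hand.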