security certificate truststore check
Initiate a TLS connection and identify the root CA certificate
Availability: This command is available to cluster and Vserver administrators at the advanced privilege level.
Description
This command allows the user to check if the node can use the installed set of CA certificates to establish a secure connection with the specified server. If the connection attempt fails, the system reports which expected certificates are missing. If the attempt succeeds, the system displays details of the certificates used.
Parameters
-vserver <Vserver Name> - Vserver Name (privilege: advanced)
Use this parameter to specify the Vserver that needs the connectivity check.
-server <Hostname and Port> - Server Name (privilege: advanced)
Use this parameter to specify the server to establish a connection with and look up the required CA certificate.
Examples
The following example demonstrates a missing CA certificate:
cluster1::*> security certificate truststore check -vserver cluster1 -server example.com:443
Error: command failed: Missing certificate with subject name: "CN = ExampleRoot, C = US"
The following example demonstrates the required certificate being present:
cluster1::*> security certificate truststore check -server example.com:443
CA certificate with cert-name "ExampleRoot" is already installed in the truststore. Use "security certificate show -cert-name ExampleRoot" to see the details of the CA certificate.
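To cross-check a "Missing certificate" result from an admin workstation, the added example below (not NetApp code) parses the "Certificate chain" section that openssl s_client prints, follows the issuer links to the root CA subject the server's chain ends at, and compares it with a list of trusted CA subjects. The sample output and the function names are constructed for illustration, and the trusted-subject list is assumed to be supplied by the operator. It matches names only and validates no signatures, so the truststore check on the node remains authoritative.

```python
import re

# Constructed sample: chain section as printed by
# `openssl s_client -connect example.com:443 -showcerts` (PEM bodies omitted).
SAMPLE_S_CLIENT = """\
Certificate chain
 0 s:CN = example.com
   i:CN = ExampleIssuing, C = US
 1 s:CN = ExampleIssuing, C = US
   i:CN = ExampleRoot, C = US
---
"""

def normalize(dn):
    """Make 'CN=Foo,C=US' and 'CN = Foo, C = US' compare equal."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip()).lower()

def parse_chain(text):
    """Return [(subject, issuer), ...] from the s: / i: lines, leaf first."""
    chain, subject = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(?:\d+\s+)?([si]):(.*)$", line)
        if not m:
            continue  # skips headers and OpenSSL 3.x a:/v: detail lines
        kind, dn = m.group(1), m.group(2).strip()
        if kind == "s":
            subject = dn
        elif subject is not None:
            chain.append((subject, dn))
            subject = None
    return chain

def required_root(chain):
    """Follow issuer links from the leaf to the DN the chain terminates at."""
    by_subject = {normalize(s): i for s, i in chain}
    issuer, seen = chain[0][1], set()
    while normalize(issuer) in by_subject and normalize(issuer) not in seen:
        seen.add(normalize(issuer))          # guards against issuer loops
        nxt = by_subject[normalize(issuer)]
        if normalize(nxt) == normalize(issuer):
            break                            # server sent the self-signed root
        issuer = nxt
    return issuer

def check_truststore(s_client_text, trusted_subjects):
    """Return (present, root_dn): is the chain's root subject in the list?"""
    chain = parse_chain(s_client_text)
    if not chain:
        raise ValueError("no certificate chain found in input")
    root = required_root(chain)
    return normalize(root) in {normalize(s) for s in trusted_subjects}, root
```

A result of (False, root_dn) names the same subject the command reports as missing; obtain that CA certificate from a trusted source and verify its fingerprint before installing it.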