HP Operations Manager for Windows

ovcert


NAME

ovcert

- manage certificates with the Certificate Client on an HTTPS-based node.

SYNOPSIS

ovcert -h|-help 
ovcert -importcert -file <file> [-pass <passphrase>] [-ovrg <ov_resource_group>]  
ovcert -exportcert -file <file> [-alias <alias>] [-pass <passphrase>] [-ovrg <ov_resource_group>] 
ovcert -importtrusted -file <file> [-ovrg <ov_resource_group>] 
ovcert -exporttrusted -file <file> [-alias <alias>] [-ovrg <ov_resource_group>] 
ovcert -certreq [-instkey <file> [-pass <passphrase>]] 
ovcert -list [-ovrg <ov_resource_group>] 
ovcert -remove <alias> [-f] [-ovrg <ov_resource_group>] 
ovcert -certinfo <alias> [-ovrg <ov_resource_group>] 
ovcert -check 
ovcert -status 
ovcert -updatetrusted 
ovcert -version 

DESCRIPTION

You can use the ovcert command to manage certificates with the Certificate Client on an HTTPS-based node. You can execute tasks, such as initiating a new certificate request to the Certificate Server, adding node certificates and importing the private keys, and adding certificates to the trusted root certificates.

Parameters

The ovcert command incorporates the following options:

-h|-help
Displays usage help for the ovcert command options.

-importcert -file <file> [-pass <passphrase>] [-ovrg <ov_resource_group>]
Adds the certificate located in the file <file> (in PKCS12 format) as a node certificate, and imports the private key (which must be located in the same file as the private key for the node). You must specify the pass phrase for protecting the exported data, using encryption specified during creation of the data to import, as the parameter <passphrase>.

You can specify the optional <ov_resource_group> parameter to import an additional certificate on an HA system. As a result, the specified certificate is not imported to the default location but to the HA default location for the specified package on the shared disk.

-exportcert -file <file> [-alias <alias>] [-pass <passphrase>] [-ovrg <ov_resource_group>]
Exports the currently installed node certificate together with its private key to the file system location specified as the parameter <file> (in PKCS12 format). You must specify the pass phrase for protecting the exported data, using encryption specified during creation of the data to import, as the parameter <passphrase>.

You can specify the optional <ov_resource_group> parameter to export an additional certificate on an HA system. As a result, the certificate for the specified HA package from the shared disk, rather than the default node certificate, is exported.

-importtrusted -file <file> [-ovrg <ov_resource_group>]
Adds the certificate located in the specified file (in PEM format) to the trusted root certificates.

You can specify the optional <ov_resource_group> parameter to import an additional root certificate on an HA system. As a result, the specified root certificates is imported to the HA default location for the specified package on the shared disk, rather than to the default location.

-exporttrusted -file <file> [-alias <alias>] [-ovrg <ov_resource_group>
Exports the trusted certificate to the file system location specified as the parameter <file> (in PEM format). You must specify the pass phrase for protecting the exported data, using encryption specified during the creation of the data to import, as the parameter <passphrase>.

You can specify the optional <ov_resource_group> parameter to export an additional certificate on an HA system. As a result, the certificate installed for the specified HA package from the shared disk, rather than the default node certificate, is exported.

-certreq [-instkey <file> [-pass <passphrase>]]
Initiates a new certificate request that is sent to the Certificate Server.

You can use the optional parameters <file> and <passphrase> to initiate a certificate request, based on the installation key that is contained in the specified file. You can generated such an installation key file with the ovcm tool on the certificate server.

You can use the installation key to authenticate the node on the certificate server. Such a request may be granted automatically, without human interaction.

-list [-ovrg <ov_resource_group>]
Displays the aliases of the installed certificates and trusted certificates.

-certinfo <alias> [-ovrg <ov_resource_group>]
Displays information (for example, serial number, issuer, subject, and fingerprint) for the certificate specified by <alias>.

-remove <alias> [-ovrg <ov_resource_group>]
Removes the certificate specified by <alias>.

-check
Checks whether all prerequisites for SSL communication are fulfilled (for example, assigned OvCoreId, installed and valid certificate and private key, and installed and valid trusted certificate).

On completion, it displays the components checked and their status, as well as the final result.

-status
Contacts the Certificate Client, and displays the current certificate status, which can one of the following possible values:
-updatetrusted
Retrieves the currently trusted certificates from the Certificate Server, and installs them as trusted certificates on the node.

-version
Returns the version of the tool (the component version).

AUTHOR

ovcert was developed by Hewlett-Packard Company.

EXIT STATUS

The following exit values are returned:

0
All steps were successful.

1
One or more steps were not successful.

Corresponding error messages are written to stderror.

EXAMPLES

The following examples show how to use the ovcert command: