NAME
ovcert
- manage certificates with the Certificate Client on an HTTPS-based node.
SYNOPSIS
ovcert -h|-help
ovcert -importcert -file <file
> [-pass<passphrase>
] [-ovrg<ov_resource_group>
]
ovcert -exportcert -file <file
> [-alias <alias
>] [-pass<passphrase>
] [-ovrg<ov_resource_group>
]
ovcert -importtrusted -file <file
> [-ovrg<ov_resource_group>
]
ovcert -exporttrusted -file <file
> [-alias <alias
>] [-ovrg<ov_resource_group>
]
ovcert -certreq [-instkey<file>
[-pass<passphrase>
]]
ovcert -list [-ovrg <ov_resource_group>
]
ovcert -remove<alias>
[-f] [-ovrg<ov_resource_group>
]
ovcert -certinfo<alias>
[-ovrg<ov_resource_group>
]
ovcert -check
ovcert -status
ovcert -updatetrusted
ovcert -version
DESCRIPTION
You can use the ovcert
command to manage
certificates with the Certificate Client on an HTTPS-based node.
You can execute tasks, such as initiating a new certificate request
to the Certificate Server, adding node certificates and importing
the private keys, and adding certificates to the trusted root
certificates.
Parameters
The ovcert
command incorporates the following
options:
-h|-help
ovcert
command
options.
-importcert -file
<file>
[-pass
<passphrase>
]
[-ovrg
<ov_resource_group>
]
<file>
(in PKCS12 format) as a node
certificate, and imports the private key (which must be located in
the same file as the private key for the node). You must specify
the pass phrase for protecting the exported data, using encryption
specified during creation of the data to import, as the parameter
<passphrase>
.
You can specify the optional
<ov_resource_group>
parameter to import
an additional certificate on an HA system. As a result, the
specified certificate is not imported to the default location but
to the HA default location for the specified package on the shared
disk.
<file>
[-alias
<alias>
] [-pass
<passphrase>
] [-ovrg
<ov_resource_group>
]<file>
(in PKCS12 format). You
must specify the pass phrase for protecting the exported data,
using encryption specified during creation of the data to import,
as the parameter <passphrase>
.
You can specify the optional
<ov_resource_group>
parameter to export
an additional certificate on an HA system. As a result, the
certificate for the specified HA package from the shared disk,
rather than the default node certificate, is exported.
-importtrusted -file
<file>
[-ovrg
<ov_resource_group>
]
You can specify the optional
<ov_resource_group>
parameter to import
an additional root certificate on an HA system. As a result, the
specified root certificates is imported to the HA default location
for the specified package on the shared disk, rather than to the
default location.
-exporttrusted -file
<file>
[-alias
<alias>
] [-ovrg
<ov_resource_group>
<file>
(in PEM
format). You must specify the pass phrase for protecting the
exported data, using encryption specified during the creation of
the data to import, as the parameter
<passphrase>
.
You can specify the optional
<ov_resource_group>
parameter to export
an additional certificate on an HA system. As a result, the
certificate installed for the specified HA package from the shared
disk, rather than the default node certificate, is exported.
-certreq [-instkey
<file>
[-pass
<passphrase>
]]
You can use the optional parameters
<file>
and
<passphrase>
to initiate a certificate
request, based on the installation key that is contained in the
specified file. You can generated such an installation key file
with the ovcm
tool on the certificate server.
You can use the installation key to authenticate the node on the certificate server. Such a request may be granted automatically, without human interaction.
-list [-ovrg
<ov_resource_group>
]
-certinfo
<alias>
[-ovrg
<ov_resource_group>
]
<alias>
.
-remove
<alias>
[-ovrg
<ov_resource_group>
]
<alias>
.
-check
On completion, it displays the components checked and their status, as well as the final result.
-status
-updatetrusted
-version
AUTHOR
ovcert
was developed by Hewlett-Packard
Company.
EXIT STATUS
The following exit values are returned:
Corresponding error messages are written to stderror.
EXAMPLES
The following examples show how to use the ovcert
command:
file
>
to the system's key store:
ovcert -importcert -file
<file>
file
> to the trusted certificates:
ovcert -importtrusted -file
<file>