Synopsis
cmentcert FileName [-ed Environment-directory ] [-nv] [-ca|-own] [-nn NickName] |
Description
The cmentcert command registers certificates in the certificate/key management environment. Options that can be specified are shown below.
Options
FileName
Specify the full path of the filename (FileName) where certificate data to be registered is stored.
DER and BASE64 format files can be specified.
-ed Environment-directory
Specify the full path of the operation management directory (Environment-directory). If this option is omitted, the information set in the "CMIPATH" environment variable takes effect.
-nv
Specify this option if certificate verification is not performed during registration. If this option is specified, invalid certificates can be registered, so do not specify this option.
-ca
Specify this option if the certificate to be registered is a certificate issued by the Certificate Authority or an intermediate CA (intermediate Certificate Authority).
-own
Specify this option if the certificate to be registered is a site certificate issued for yourself.
-nn NickName
Specify the nickname (NickName) to identify the certificate. A nickname must be specified to register the certificate that is used for SSL communications. Spaces cannot be specified at the start or end of the character string. Also, nicknames that are already being used cannot be specified.
Command Location
Windows | %CommonProgramFiles%\Fujitsu Shared\F3FSSMEE |
Solaris | /opt/FJSVsmee/bin |
Linux | /opt/FJSVsmee/bin |
Linux x64 | /opt/FJSVsmee64/bin |
Cautions
Certificates must be registered in sequence, starting from the root CA certificate.
If a BASE64 format certificate is specified in the certificate file, and if the header and footer shown below are attached, that line is skipped. Note that, if the format is other than as shown below, the command ends with an error. Also, if the specified certificate file contains multiple certificates, only the first data is targeted.
Header: -----Line starting with BEGIN
Footer: -----Line starting with END
An example of certificate data in BASE64 format is shown below:
-----BEGIN CERTIFICATE----- |
Either the -ca option or the -own option must be specified. If these are omitted, the certificate will be registered as another person's certificate, and therefore is invalid for Web servers.
