Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Querying Certificate Information

Go to the tool installation directory and run the following command to query certificate information:

./tools/haf-tool cert --view --type <cert_info>

Table 1 Parameter description

Option

Description

Mandatory

--view

Keywords for querying certificate information.

Yes

--type <cert_info>

Type of the certificate information to be queried. For details, see Table 2.

No
Table 2 Type of the certificate information

Type

Description

serial

Queries the serial number of the certificate, which is the unique identifier of the certificate issued by the CA server.

issuer

Issuer information, including the country/region and organization.

subject

Receiver information, including the country/region and organization.

dates

Validity period, including the time when the certificate takes effect and the time when the certificate expires.

startdate

Time when the certificate takes effect.

enddate

Time when the certificate expires.

pubkey

Public key of the certificate.

purpose

Certificate validity scope, for example, whether the certificate can be used for the requested purpose.

verify

Checks whether the certificate chain of the current node is correct.
The following steps use the offload nodes with the HAF service as an example. For host nodes and the offload nodes with the HAF library, perform similar steps. Use SmartKit to update the certificate on the server or client node. The commands are as follows:

Parameter

Description

Task Name

Querying certificate information of nodes

Task Description

Querying certificate information of offload nodes

Run Directory

/home/omm/haf-install/haf-target

Run Command

echo password | /home/omm/haf-install/haf-target/tools/haf-tool cert --view --type cert_info

Whether to Check Return Code

Yes

Expected Return Code

0

crt_view.sh is the internal script for querying a certificate. It is stored in haf-tool/scripts of the installation directory and is invoked by haf_tool. The internal invoking commands are as follows:

cd tools/scripts

./crt_view.sh -t <cert_path> -k <info_type>

After the command is executed, manually enter the password for logging in to the remote server.

Table 3 Parameter description

Option

Description

Mandatory

-t <cert_path>

Path for storing the certificate. haf-tool uses the cert_path parameter in the configuration file to invoke this path.

Yes

-k <info_type>

Keywords of the certificate to be queried, including serial, issuer, subject, dates, startdate, enddate, verify, pubkey, and purpose. Multiple keywords are separated by commas (,).

Yes
  • crt_view.sh is an internal tool of the software. You are not advised to invoke it independently.
  • If no keyword is specified when haf-tool invokes this script, all information is queried by default.
Parent topic: Service Management