Maintaining and Troubleshooting Avaya Analytics™ for Avaya Oceana®

Certificate Manager commands

Last Updated : Jan 21, 2021 |


Command	Description
`ccmcertmgr --help`	Gives a list of all the sub-commands available for Certificate Manager operations.
`ccmcertmgr <-id\|--identity-certs>`	Gives the list of all identity certificates.
`ccmcertmgr --service-identity-certs <serviceID>`	Gets identity certificate details of a given service. If you do not have the service ID, you can find it by running the `ccmcertmgr <-id\|--identity-certs>` command.
`ccmcertmgr --renew-service-identity-cert <serviceID>`	Renews the identity certificate of a given service. Renewal is only allowed if a given certificate is issued by the Certificate Manager CA. Renewal retains all the attributes of a certificate. If you do not have the service ID, you can find it by running the `ccmcertmgr <-id\|--identity-certs>` command.
`ccmcertmgr --replace-service-identity-cert <serviceID> <certInfoFile>`	Generates and replaces the identity certificate using the certificate attributes specified in the certInfo file. If you do not have the service ID, you can find it by running the `ccmcertmgr <-id\|--identity-certs>` command. The following is a sample certInfo file: `{"commonName": "certmgmt-agent-certificate-document-idcert-cms", "keySize": "2048", "keyAlgorithm": "RSA", "subjectAltName": "dNSName=certmgmt-loadbalancer-service", "subject": "CN=certmgmt-loadbalancer-service, C=US, OU=MGMT, O=AVAYA"}`
`ccmcertmgr --generate-service-csr <serviceID> <certInfoFile>`	Generates a Certificate Signing Request (CSR) for a service. If you do not have the service ID, you can find it by running the `ccmcertmgr <-id\|--identity-certs>` command. The following is a sample certInfo file: `{"commonName": "certmgmt-agent-certificate-document-idcert-cms", "keySize": "2048", "keyAlgorithm": "RSA", "subjectAltName": "dNSName=certmgmt-loadbalancer-service", "subject": "CN=certmgmt-loadbalancer-service, C=US, OU=MGMT, O=AVAYA"}`
`ccmcertmgr --import-pem-service-identity-cert <serviceID> <certFile>`	Imports the identity certificate of a service, which is created by signing the CSR generated by the `ccmcertmgr --generate-service-csr <serviceID> <certInfoFile>` command. If you do not have the service ID, you can find it by running the `ccmcertmgr <-id\|--identity-certs>` command. CertFilefromcsr.txt should contain the PEM-formatted identity certificate chain signed by the external CA.
`ccmcertmgr --import-service-identity-cert <serviceID> <certFile>`	Imports an external CA signed identity certificate for a service. `base64 -w 0 weblmserver.p12` is an example of the command you can run to get the certificate file text. In this example command, `weblmserver` is the third-party certificate file in P12 format from the third-party CA. This command converts the certificate file from the P12 format to the Base64 format. If you do not have the service ID, you can find it by running the `ccmcertmgr <-id\|--identity-certs>` command. The following is a sample certificate file: `{"base64PKCS12FileText": "<base64pkcs>", "storePassword": "password", "keyPassword": "password", "external": true}` In this sample, `"<base64pkcs>"` is the output of the `base64 -w 0 weblmserver.p12` example command described above.
`ccmcertmgr <-ts \| --trusted-stores>`	Lists all trusted stores managed by Certificate Manager.
`ccmcertmgr <-ti \| --trust-store-info> <serviceID>`	Gives trusted store details for a specified service ID. If you do not have the service ID, you can find it by running the `ccmcertmgr <-ts \| --trusted-stores>` command.
`ccmcertmgr <-tc \| --trusted-certs> <serviceID>`	Lists all CA certificates present in a trusted store. If you do not have the service ID, you can find it by running the `ccmcertmgr <-ts \| --trusted-stores>` command.
`ccmcertmgr --add-trustcert <serviceID> <certFile>`	Adds a trusted certificate to the specified trust store. The certificate file (`<certFile>`) contains the certificate in the Base64 format. If you do not have the service ID, you can find it by running the `ccmcertmgr <-ts \| --trusted-stores>` command. The certificate file contains a PEM-formatted certificate.
`ccmcertmgr --delete-trustcert <serviceID> <certificateId>`	Deletes a trusted certificate from the specified trusted store. If you do not have the service ID, you can find it by running the `ccmcertmgr <-ts \| --trusted-stores>` command. You can find the certificate ID by running the `ccmcertmgr <-tc \| --trusted-certs> <serviceID>` command.
`ccm release cert-manager third-party-certs`	Manages third-party certificates in the cluster. Various sub-command options are available for this command.

Send Feedback