certTool

Last Updated: Nov 23, 2023

certTool is a command line tool to manage certificates by using Session Manager. You must use certTool to install trusted certificates if System Manager is using a third-party certificate.

You can run certTool from the customer account or from any service account. When you run certTool as a non-root user, the customer password is required to prevent unauthorized access.

certTool options

Option: -i, --import <certificate file>
Description: Specifies the certificate to import. The certificate file must be in the PEM format when the --trustedca option is used, and in the PKCS#12 format when adding identity certificates.

Option: -t, --trustedca
Description: Specifies the flag to indicate that the certificate must be added to the service truststore.

Option: -s, --service
Description: Specifies the service to which the certificate must be applied. The values are:

  • sip
  • http
  • mgmt
  • db
  • spirit
  • syslog
  • all
  • tunnel

Use the all option only to import trusted certificates. The all option adds the trusted certificate to every truststore.

From Release 10.2, the network interface can be used to specify the set of services to be updated.

  • eth0 imports the certificate in all applications that use the eth0 interface, for example, mgmt, spirit, postgres, syslog, and tunnel.
  • eth1 is used for security module applications, for example, securitymodule_sip and securitymodule_http.

Option: -p, --passphrase
Description: Provides the passphrase required to import PKCS#12 identity certificates.

Warning: Passing the certificate password using the command line records the password in shell history.

Option: -h, --help
Description: Displays the usage and options.
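The format and service rules in the options above can be checked before certTool is invoked. The following script is an added example, not part of the certTool documentation or product: the function names and return codes 10 to 13 are its own, and it assumes a PEM file carries a `-----BEGIN CERTIFICATE-----` header while a PKCS#12 file does not.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for a certTool import, derived only from
# the documented option rules. It never calls certTool itself.

# is_pem FILE: succeeds if FILE contains a PEM certificate header.
is_pem() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# preflight FILE SERVICE MODE   (MODE is "trusted" or "identity")
# Returns 0 when the combination matches the documented rules.
# Return 2 mirrors certTool's "File does not exist"; 10-13 are this script's own.
preflight() {
    local file=$1 service=$2 mode=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case $service in
        sip|http|mgmt|db|spirit|syslog|tunnel) ;;
        eth0|eth1) ;;   # interface names, accepted from Release 10.2
        all)
            # "all" is documented for trusted certificates only.
            [ "$mode" = trusted ] || { echo "'all' is only for trusted certificates" >&2; return 11; }
            ;;
        *) echo "unknown service: $service" >&2; return 10 ;;
    esac
    case $mode in
        trusted)
            # --trustedca requires a PEM file.
            is_pem "$file" || { echo "trusted CA file must be PEM" >&2; return 12; }
            ;;
        identity)
            # Identity certificates must be PKCS#12 (binary), so a PEM header
            # means the wrong file was supplied.
            if is_pem "$file"; then
                echo "identity certificate must be PKCS#12, not PEM" >&2
                return 13
            fi
            ;;
        *) echo "mode must be trusted or identity" >&2; return 10 ;;
    esac
}

# Direct use: ./preflight.sh <file> <service> <trusted|identity>
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
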

Error codes

Code  Description
0     Success
1     Usage
2     File does not exist
3     Importing of ID certificate failed
4     Incorrect passphrase
5     User entered no while importing trusted certificate
6     User aborted
7     Import of trusted certificate failed