Displaying default keys and certificate authorities

This section describes how to view trusted certificate authorities and display default keys within a key database.


About this task

A trusted certificate authority (CA) issues and manages public keys for data encryption. A key database is used to share public keys that are used for secure connections. The tasks that follow show how to view the certificate authorities that are in your database, along with their expiration dates.


Procedure

  • Display a list of trusted CAs in a key database by entering the following command as one line:
    install_root/bin/gskcmd -cert -list CA -db filename [-pw password | -stashed]

  • Display a list of certificates in a key database and their expiration dates by enter the following command:
    install_root/bin/gskcmd -cert -list -db filename [-pw password | -stashed]

    where:

    • -cert indicates the operation applies to a certificate.

    • -list all | personal | CA | site specifies a list action. The default is to list all certificates.

    • -db <filename> is the name of the key database. It is used when you want to list a certificate for a specific key database.

    • -pw password specifies the password to access the key database.

    • -stashed indicates that the password for the key database should be recovered from the stash file.