Viewing Certificate Authorities
You can use the following show commands to view information about the certificate authority (CA) configuration on the event broker.
Standard Domain Validation Certificate Authorities
To view the standard domain validation CA configuration, enter the following command:
solace> show standard-domain-certificate-authority {ca-name <ca-name> [cert [raw-content]| detail] [count<num-elements>]}
Where:
ca-name—Displays the CAs matching the given pattern.<ca-name>—Name of the CA. May contain * or ?.cert—Displays the CA certificate information.raw-content—Displays the CA certificate's raw content.detail—Displays detailed information.count <num-element>—The maximum number of elements to display.
Domain Validation Certificate Authorities
To view the domain validation CA configuration, enter the following command:
solace> show domain-certificate-authority {ca-name <ca-name> [cert [raw-content]| detail] [count<num-elements>]}
Where:
ca-name—Displays the CAs matching the given pattern.<ca-name>—Name of the CA. May contain * or ?.cert—Displays the CA certificate information.raw-content—Displays the CA certificate's raw content.detail—Displays detailed information.count <num-element>—The maximum number of elements to display.
Client Authentication Certificate Authorities
To view the client authentication CA configurations and statistics, enter the following command:
solace> show client-certificate-authority {ca-name <ca-name> [cert [raw-content]| crl | stats | detail] [count<num-elements>] | stats}
Where:
ca-name—Displays the CAs matching the given pattern.<ca-name>—Name of the CA. May contain * or ?.cert—Displays the CA certificate information.raw-content—Displays the CA certificate's raw content.crl—Displays Certification Revocation List (CRL) information.stats—Displays global statistics information.detail—Displays detailed information.count <num-element>—The maximum number of elements to display.
The following example displays the usage of ca-name command with a wildcard.
Example 1:
solace# show client-certificate-authority ca-name * Certificate Certificate Revocation CRL Op Authority Configured Status Status ====================================== ========== =========== ====== int1CA No Enabled Down int2CA No Enabled Down int3CA No Enabled Down int4CA No Enabled Down int5CA No Enabled Down int6CA No Enabled Down rootCA No Enabled Down
The following example displays detailed information of a CA certificate.
Example 2:
solace# show client-certificate-authority ca-name intCA detail
Certificate Authority: int1CA
Certificate Configured No
Revocation Check:
Admin Status: Enabled
CRL
URL:
Refresh Schedule: daily 3:00
Operational Status: Down
Version:
Last Successful Download: NA
Next Download: NA
Last Error Reason: Certificate no configured
Last Error Time: Jun 22 2017 11:13:48 UTC
OCSP
Override URL:
Allow Non-responder Cert: No
Responder Common Name:
Timeout (sec): 5
Last Fail Reason: NA
Last Fail URL:
Last Fail Time: NA
The following example displays statistics of a CA certificate.
Example 3:
solace# show client-certificate-authority ca-name intCA stats
Certificate Authority: intCA
Revocation Checks:
CRL
Valid: 1
Revoked: 1
Unknown: 1
OCSP
Valid: 1
Revoked: 1
Unknown: 1
OCSP fallback to CRL: 1
OCSP Requests
Valid: 100
Revoked: 99
Definitive: 98
Exceptions: 1
Timeout: 5
Connection Failures: 1
Revoked: 1
To clear the client-certificate-authority stats for all client authentication CAs, enter the following:
solace# clear client-certificate-authority stats