cpca_client search

Description

Searches for certificates in the ICA.

Note:

On a Multi-Domain Server, you must run this command in the context of the applicable Domain Management Server:

mdsenv <IP Address or Name of Domain Management Server>

Syntax

cpca_client [-d] search <String> [-where {dn | comment | serial | device_type | device_id | device_name}] [-kind {SIC | IKE | User | LDAP}] [-stat {Pending | Valid | Revoked | Expired | Renewed}] [-max <Maximal Number of Results>] [-showfp {y | n}]

Parameters

Parameter

Description

-d

Runs the command in debug mode.

Use only if you troubleshoot the command itself.

Best Practice - If you use this parameter, then redirect the output to a file, or use the script command to save the entire CLI session.

<String>

Specifies the text to search in the certificates.

You can enter only one text string that does not contain spaces.

-where {dn | comment | serial | device_type | device_id | device_name}

Optional. Specifies the certificate's field, in which to search for the string:

  • dn - Certificate DN

  • comment - Certificate comment

  • serial - Certificate serial number

  • device_type - Device type

  • device_id - Device ID

  • device_name - Device Name

The default is to search in all fields.

-kind {SIC | IKE | User | LDAP}

Optional. Specifies the certificate kind to search.

You can enter multiple values in this format:

-kind <Kind1> <Kind2> <Kind3>

The default is to search for all kinds.

-stat {Pending | Valid | Revoked | Expired | Renewed}

Optional. Specifies the certificate status to search.

You can enter multiple values in this format:

-stat <Status1> <Status2> <Status3>

The default is to search for all statuses.

-max <Maximal Number of Results>

Optional. Specifies the maximal number of results to show.

  • Range: 1 and greater

  • Default: 200

-showfp {y | n}

Optional. Specifies whether to show the certificate's fingerprint and thumbprint:

  • y - Shows the fingerprint and thumbprint (this is the default)

  • n - Does not show the fingerprint and thumbprint

Example 1

[Expert@MGMT:0]# cpca_client search samplecompany -where comment -kind SIC LDAP -stat Pending Valid Renewed

Example 2

[Expert@MGMT:0]# cpca_client search 192.168.3.51 -where dnOperation succeeded. rc=0.
1 certs found.
 
Subject = CN=192.168.3.51,O=MGMT.5p72vp
Status = Valid Kind = SIC Serial = 73455 DP = 0
Not_Before: Sat Apr 7 19:40:12 2018 Not_After: Fri Apr 7 19:40:12 2023
Fingerprint = XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX
Thumbprint = xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
[Expert@MGMT:0]#

Example 3

[Expert@MGMT:0]# cpca_client search 192.168.3.51 -where dn -showfp nOperation succeeded. rc=0.
1 certs found.
 
Subject = CN=192.168.3.51,O=MGMT.5p72vp
Status = Valid Kind = SIC Serial = 73455 DP = 0
Not_Before: Sat Apr 7 19:40:12 2018 Not_After: Fri Apr 7 19:40:12 2023
[Expert@MGMT:0]#