Using the LISTPKI command

Display the local certificate database

 

Description

Use the LISTPKI command to display the local certificate database according to criteria set in the command parameters.

Parameters

[PKIFNAME = string1..64]

Name of the local certificate database in which the operation is to be performed.

For each OS, a default name is assigned to the local certificate database.

[CONTENT = BRIEF | FULL]

Result display mode.

With the BRIEF value, a 79-character entry is displayed for each certificate.

[ID     = {*, string1..8}]

Unique local identifier of the certificate(s) to be displayed.

The * and ? wildcard characters are accepted for the ID parameter value.

[ INUM  = {number0...99} ]

Internal number for the intermediate certificates in an imported chain of certificates (in the PKI database).

You can use this option to select a specific intermediate certificate.

[TYPE = ALL | USER | ROOT | INTER | KEY ]

Type of certificate to display:

  • ALL: all certificates
  • USER: user certificates
  • ROOT: root authority certificates
  • INTER: intermediate authority certificates
  • KEY: list PKIKEY items

[STATE = ALL | ACT | INACT | EXPIRED]

Status of the certificates to display:

  • ALL: all statuses
  • ACT: all activated certificates
  • INACT: all deactivated certificates
  • EXPIRED: all expired certificates

CONTENT=BRIEF Display  

See Brief display

CONTENT=FULL Display  

See Full display

LISTPKI INUM

See Inum example

 

CONTENT=BRIEF Display

The following information is displayed for the CONTENT parameter BRIEF value:

Id.   Root      T S C K E Exp.Date Delivered to Delivered by
-------- -------- - - - - - ---------- -------------

CAXMP CAXMP     R A x     19/12/2010 CA SAMPLE FOR CA SAMPLE FOR CLIENT

CAXMP           U A x x   18/12/2010 CLIENT SAMPLE CA SAMPLE FOR SERVER

CAXMP           U A x x   18/12/2010 SERVER SAMPLE CA SAMPLE FOR

Id

Identifier assigned to the certificate when it was imported into the database.

Root

Identifier of the root certificate authority.

T S C K E

Miscellaneous certificate information:

  • T: Type of Certificate: R for Root (Root Authority), I for Intermediate (Intermediate Authority), U for User
  • S: Certificate state: A for active or I for inactive
  • C: x denotes if the certificate is in the database
  • K: x denotes if the private key associated with the certificate exists
  • E: Certificate expired (!) or otherwise

Exp. Date

Expiry date of the certificate.

Delivered to

CN (Common name) attribute of the certificate user DN field.

Delivered by

CN (Common name) attribute of the certificate signer DN field.

CONTENT=FULL Display

Certificate id. ID = CLIENT
Certificate type TYPE= USER

Root's id. ROOT= CAXMP

Signer's id. SID = CAXMP

State STATE = ACT

Serial number SNUMB = b
Delivered to Us.CN = CLIENT SAMPLE FO
Delivered by Si.CN = CA SAMPLE FOR XF

Certificate validity
--------------------

Expired Before : 21/12/2000 Expired After : 18/12/2010

Comment COMMENT =
*

Owner's DN OWNER'S DN =
* C=FR, L=PUTEAUX, ST=ILE DE FRANCE, O=Axway, OU=XFB, CN=CLIENT

Signer's DN SIGNER'S DN =
* C=FR, L=PUTEAUX, ST=ILE DE FRANCE, O=Axway, OU=XFB, CN=CA SAMPL

Private Key type = RSA 1024 bits

Certificate id

Identifier assigned to the certificate when it was imported into the database.

Certificate Type

Identifier of the root certificate authority.

Root id

Identifier of the root certificate authority.

Signer id

Identifier of the certificate signer (issuer).

State

State of the certificate in the database (active or inactive).

Serial Number

Serial number of the certificate.

Delivered to

CN (Common name) attribute of the certificate user DN field.

Delivered by

CN (Common name) attribute of the certificate signer DN field.

Expired before and after

Period of validity of the certificate (start and end date )

Comment

Value assigned to the COMMENT parameter when the certificate was imported into the database.

Owner DN

Value of the certificate user DN field.

Signer DN

Value of the certificate signer DN field.

INUM example

If you have imported a certificate chain in the database, execute the LISTPKI command to return all certificates:

PKIUTIL LISTPKI ID=TEST4

 

Certificates:

Id.   Root iNum  T S C K E  Exp.Date  Delivered to  Delivered by

---- ------ ---- - - - - - ---------- ------------- -------------

TEST4 TEST4 1    I  A x     23/07/2029 2k_chain_inte 2k_chain_root

TEST4 TEST4 2    I  A x     23/07/2029 2k_chain_inte 2k_chain_inte

TEST4 TEST4      R  A x     23/07/2029 2k_chain_root 2k_chain_root

TEST4 TEST4      U  A x x   23/07/2029 2k_chain_user 2k_chain_inte

To display only the second certificate, for example, in the list (inum=2) execute:

PKIUTIL LISTPKI INUM=2

Related Links