lssystemcertstore

Use the lssystemcertstore command to display the certificates installed on the system, categorized by use case.

Syntax

Read syntax diagramSkip visual syntax diagramlssystemcertstoreidscope

Parameters

id | scope
(Optional) Specifies the ID or scope of the use case for which certificate is configured. The id and scope values are enumerated as follows:
  • 0: default
  • 1: keyserver
  • 3: internal_communication

When you use this parameter, the detailed view of the use case-specific certificate is returned. If you do not specify the id or scope parameter, then the concise view of all the use case specific certificates is displayed.

Note: When no use case-specific certificate is installed on the system, lssystemcertstore command displays the default certificate of the system.

Description

This command returns a concise list or a detailed view of use case-specific certificates installed on the system

Table 1 provides attribute values that can be displayed as output view data.
Table 1. lssystemcertstore output
Attribute Possible Values
id Indicates the ID of the use case for which the certificate is used.
scope Indicates the scope for which the certificate is used.
certificate_id Indicates the unique identifier for the certificate.
type Indicates the certificate type. The values can be self_signed, system_signed, and externally_signed.
certificate_status Indicates the status of certificate. The values can be:
  • installed
  • install_pending

The status install_pending indicates that only certificate signing request is generated for the use case and certificate is yet to be installed.

content_status Indicates the status of certificate content. Values can be:
NA:
Indicates that currently, certificate content is neither valid, invalid, nor expired.
valid:
Indicates certificate content is valid.
invalid:
Indicates certificate start time is in future.
expired:
Indicates certificate end date is already passed.
valid_until Indicates the last date of certificate validity. The value is in format YYMMDDHHMMSS.
outstanding_request Indicates if any certificate signing request is pending.
auto_renew Indicates if the certificate is configured for automatic renewal before it expires.
certificate Indicates a readable version of the current SSL certificate.
certificate_export Indicates an encoded version of the SSL certificate.
certificate_chain Indicates the subject distinguished name, and issuer distinguished name of each certificate in the chain. If using a self-signed certificate (or a single signed certificate with no CA certificates installed) then the certificate_chain field will show only one certificate.