Verify the validity of certificates

To check that certificates are in a valid .pem format, have not expired, and have a stash that matches the private key password, use Certman to verify them.

  1. Browse to the following path: <image_location>/TWS/<interp_name>/Tivoli_LWA_<interp_name>\TWS\bin
  2. Check the validity by running the following command:
    certman verify -inpath <input path> -keypasswd <key pwd> [-minkeysize <minimum key size>] [-workdir <working directory>]

    Where:

    inpath
    Specify the folder that contains the following files:
    • tls.crt
    • tls.key
    • tls.sth
    • ca.crt
    keypasswd
    Specify the password used to encrypt the private key.
    minkeysize
    Optionally, specify the minimum size of the key. The default value is 1024.
    workdir
    Optionally, specify the working directory used by the command for storing data while running. When the command stops running, the working directory is deleted. Ensure that you have write access to the specified directory and that enough space is available.
The verify command performs the following checks:
  • The key password.
  • The stash password (if the tls.sth file is available).
  • The certificate expiration date.
  • The key length.
  • The certificate and key in .pem format.
  • The private key and public key match.
  • The public key in tls.key and public key in tls.crt match.
  • The correctness of the tls.crt in the CA chain.
  • The purposes of the tls.crt file, which must be suitable for both client and server connections.
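
The checks listed above can be cross-checked independently with OpenSSL. The following is an added example, not Certman's own code: the function name `check_certs` and the `KEYPASS` environment variable are assumptions of this example, it needs `openssl` on the PATH, and it does not cover the tls.sth stash check.

```shell
#!/bin/sh
# Added example: cross-check a certman -inpath folder with OpenSSL.
# Usage: export KEYPASS='<key pwd>'; check_certs <inpath> [minkeysize]
# KEYPASS (assumed name) keeps the password out of the process list.
# certman's documented default minimum is 1024; this example uses 2048.
check_certs() {
    dir=$1; min=${2:-2048}; rc=0
    fail() { echo "FAIL: $1" >&2; rc=1; }

    # Required files (tls.sth is optional and not checked here).
    for f in tls.crt tls.key ca.crt; do
        [ -r "$dir/$f" ] || { fail "$f missing or unreadable"; return 1; }
    done

    # Certificate in .pem format: OpenSSL's default input format is PEM.
    openssl x509 -in "$dir/tls.crt" -noout 2>/dev/null \
        || { fail "tls.crt is not a PEM certificate"; return 1; }

    # Key in .pem format and key password: decrypt tls.key with KEYPASS.
    keypub=$(openssl pkey -in "$dir/tls.key" -passin env:KEYPASS -pubout 2>/dev/null) \
        || { fail "tls.key is not PEM or the password is wrong"; return 1; }

    # Public key in tls.key and public key in tls.crt must match.
    crtpub=$(openssl x509 -in "$dir/tls.crt" -noout -pubkey 2>/dev/null) || crtpub=
    [ "$keypub" = "$crtpub" ] || fail "tls.key does not match tls.crt"

    # Certificate expiration date.
    openssl x509 -in "$dir/tls.crt" -noout -checkend 0 >/dev/null 2>&1 \
        || fail "tls.crt has expired"

    # Key length, read from the certificate's public key.
    bits=$(openssl x509 -in "$dir/tls.crt" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$min" ] || fail "key size ${bits:-unknown} is below $min"

    # CA chain, and suitability for both server and client connections.
    for p in sslserver sslclient; do
        openssl verify -CAfile "$dir/ca.crt" -purpose "$p" "$dir/tls.crt" \
            >/dev/null 2>&1 || fail "tls.crt fails chain or $p check"
    done
    return "$rc"
}
```

The function returns 0 only when every check passes and prints one `FAIL:` line per failed check to standard error.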