Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 433

1. Open the subsystem console.
pkiconsole https://server.example.com:admin_port/subsystem_type
2. In the Configuration tab, select System Keys and Certificates from the left navigation tree.
3. There are two tabs, CA Certificates and Local Certificates, which list different kinds of
certificates.
• CA Certificates lists CA certificates for which the corresponding private key material is not
available, such as certificates issued by third-party CAs such as Entrust or Verisign or external
Certificate System Certificate Managers.
• Local Certificates lists certificates kept by the Certificate System subsystem instance, such as
the DRM transport certificate or OCSP signing certificate.
Figure 16.3. Certificate Database Tab
4. The Certificate Database Management table lists the all of the certificates installed on the
subsystem. The following information is supplied for each certificate:
• Certificate Name
• Serial Number
• Issuer Names, the common name (cn) of the issuer of this certificate.
• Token Name, the name of the cryptographic token holding the certificate; for certificate stored in
the database, this is internal.
To view more detailed information about the certificate, select the certificate, and click View. This
opens a window which shows the serial number, validity period, subject name, issuer name, and
certificate fingerprint of the certificate.
16.5.2.2. Viewing Database Content Using certutil
To view the certificates in the subsystem database using certutil, open the instance's certificate
database directory, and run the certutil with the -L option. For example:
cd /var/lib/subsystem_name/alias
certutil -L -d .
Viewing Database Content
411