Raptor Package Manager - Certificate Command
Jan 1 2022 at 12:00 AM
Overview
The raptorpm cli tool commands depend extensively on which certificates are installed in the certificate store, or on which local pfx files are present within the configuration directory of the tool.
Within the cli tool directory there is a Data\Certificates directory which holds either the pfx files within the protected folder, or the associated public or private key within the certs and private directories.
Signing and verification require a reference to the installed certificate using the certificate subject name. We use the certificate full subject name to locate the installed certificates.
The figure below highlights the subject name with the CN="" tag. The certificate is located using the value within the CN tag, in this instance test.raptor.iotnxt.io.
Figure 2 - Certificate search results
We have the following commands available related to certificate management:
raptorpm certificate -h
Output:
certificate:
Commands related to managing environment certificates
Usage:
raptorpm certificate [options] [command]
Options:
Verbose, -v Option to specify if command should be logged in detail
-?, -h, --help Show help and usage information
Commands:
search <SubjectName> Search for a X509 certificate in cli tool directory or certificate store by subject name.
- Search - The search command will assist in executing a search either within the certificate store or the cli tool’s Data\Certificates directory
Searching for certificates
Let’s see if we can find the test.raptor.iotnxt.io installed certificate. For this example the pfx file is located within the cli tool Data\Certificates\protected directory.
Search Overview
search:
Search for a X509 certificate in cli tool directory or certificate store by subject name.
Usage:
raptorpm certificate search [options] <SubjectName>
Arguments:
<SubjectName> Subject name of x509 certificate
Options:
SearchMode, -m <m> Specify the search mode. [CertificateStore; Directory or Both] [default: Both]
Verbose, -v Option to specify if command should be logged in detail
-?, -h, --help Show help and usage information
Execute:
raptorpm certificate search "test.raptor.iotnxt.io"
Output:
2021-02-01 09:53:30.8967|DEBUG|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Searching certificate by subject name: test.raptor.iotnxt.io using search mode Both
Certificate with subject name test.raptor.iotnxt.io located
2021-02-01 09:53:30.9562|DEBUG|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Certificate located!
Ignoring the initialize and bootstrap output, the last lines should either indicate a successful discovery of the certificate or failure.
Expanding on the command’s arguments and options, the help can be shown by passing the optional -h parameter after the command name, i.e. search. See below:
Execute:
raptorpm certificate search -h
Output:
search:
Search for a X509 certificate in cli tool directory or certificate store by subject name.
Usage:
raptorpm certificate search [options] <SubjectName>
Arguments:
<SubjectName> Subject name of x509 certificate
Options:
SearchMode, -m <m> Specify the search mode. [CertificateStore; Directory or Both] [default: Both]
Verbose, -v Option to specify if command should be logged in detail
-?, -h, --help Show help and usage information
The search command takes a subject name argument and a search mode option. The search mode option lets us override the default value during execution. The default value for searching a certificate is Both. Let’s update this to only search for a certificate within the certificate store.
Execute:
raptorpm certificate search "test.raptor.iotnxt.io" -m "CertificateStore"
Output:
09:59:00.2131|DEBUG|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Searching certificate by subject name: test.raptor.iotnxt.io using search mode CertificateStore
2021-02-01 09:59:00.2131|ERROR|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Unable to locate certificate System.Exception: Unable to locate certificate
You will notice that the command informs the user where it is conducting the search and then that the certificate is not located within the device store. This is an expected result from my environment as I do not have the test.raptor.iotnxt.io certificate installed. However, it is located in my Data\Certificates directory as previously mentioned.
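Added example, not part of the raptorpm tool or its documentation: a pre-signing check that reads search output in the record layout of the two outputs above and fails closed unless the certificate was explicitly reported as located for the exact subject name. It assumes the output keeps that layout (this page does not document exit codes); parse_search_output, certificate_available and the Constructed.Bootstrap record are names made up for this example.

```python
import re

# Record shape in the outputs above: [date ]time|LEVEL|logger|message
LOG_RE = re.compile(r"^(?:\d{4}-\d{2}-\d{2} )?\d{2}:\d{2}:\d{2}\.\d+"
                    r"\|(?P<level>[A-Z]+)\|(?P<logger>[^|]+)\|(?P<msg>.*)$")
START_RE = re.compile(r"Searching certificate by subject name: (?P<subject>\S+) "
                      r"using search mode (?P<mode>\w+)")

def parse_search_output(text):
    """Return subject, mode and located (True / False / None = undetermined)."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
        elif line and records:
            records[-1]["msg"] += " " + line  # re-join a console-wrapped record
    result = {"subject": None, "mode": None, "located": None}
    for rec in records:
        if not rec["logger"].endswith("SearchCertificateCommand"):
            continue  # initialize / bootstrap records
        start = START_RE.search(rec["msg"])
        if start:
            result.update(start.groupdict())
        elif rec["level"] == "ERROR" and "Unable to locate certificate" in rec["msg"]:
            result["located"] = False
        elif "Certificate located!" in rec["msg"]:
            result["located"] = True
    return result

def certificate_available(text, subject):
    """Fail closed: True only on an explicit success for exactly this subject."""
    r = parse_search_output(text)
    return r["located"] is True and r["subject"] == subject

# Sample outputs taken from this page; the first line of FOUND is a constructed
# stand-in for bootstrap output.
LOGGER = "IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand"
FOUND = f"""2021-02-01 09:53:30.1000|DEBUG|Constructed.Bootstrap|Initializing
2021-02-01 09:53:30.8967|DEBUG|{LOGGER}|Searching certificate by subject name: test.raptor.iotnxt.io using search mode Both
Certificate with subject name test.raptor.iotnxt.io located
2021-02-01 09:53:30.9562|DEBUG|{LOGGER}|Certificate located!"""
MISSING = f"""09:59:00.2131|DEBUG|{LOGGER}|Searching certificate by subject name: test.raptor.iotnxt.io using search
mode CertificateStore
2021-02-01 09:59:00.2131|ERROR|{LOGGER}|Unable to locate certificate System.Exception: Unable to locate certificate"""

if __name__ == "__main__":
    for name, out in (("FOUND", FOUND), ("MISSING", MISSING)):
        print(name, parse_search_output(out))
```

A located value of None means the output contained neither the success nor the error record, and certificate_available treats that the same as a failed search.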
The process to create and install the certificates is out of scope of this guide, as there are multiple methods to create and obtain a certificate. Please see the community site for additional information.