1. Overview
2. Searching for certificates
   1. Search Overview

Overview

The raptorpm cli tool commands depends extensively on which certificates are installed within either the certificate store, or where the local pfx files are present within the configuration directory of the tool.

Within the cli tool directory there is a Data\Certificates directory which holds either the pfx files within the protected folder. Or the associated public or private key within the certs and private directories.

Signing and verification requires that there is a reference to the installed certificate using the certificate subject name. We use the certificate full subject name to locate the installed certificates.

The below highlights the subject name with the CN="" tag. The certificate is located using the value within the CN tag. In this instance test.raptor.iotnxt.io.

Figure 2 - Certificate search results

We have the following commands available related to certificate management:

raptorpm certificate -h

Output:

certificate:
  Commands related to managing environment certificates

Usage:
  raptorpm certificate [options] [command]

Options:
  Verbose, -v       Option to specify if command should be logged in detail
  -?, -h, --help    Show help and usage information

Commands:
  search <SubjectName>    Search for a X509 certificate in cli tool directory or certificate store by subject name.

1. Search - The search command will assist in executing a search either within the certificate store or the cli tool’s Data\Certificates directory

Searching for certificates

Let’s see if we can find the test.raptor.iotnxt.io installed certificate. For this example the pfx file is located within the cli tool Data\Certificates\protected directory.

Search Overview

search:
  Search for a X509 certificate in cli tool directory or certificate store by subject name.

Usage:
  raptorpm certificate search [options] <SubjectName>

Arguments:
  <SubjectName>    Subject name of x509 certificate

Options:
  SearchMode, -m <m>    Specify the search mode. [CertificateStore; Directory or Both] [default: Both]
  Verbose, -v           Option to specify if command should be logged in detail
  -?, -h, --help        Show help and usage information

Execute:

raptorpm certificate search "test.raptor.iotnxt.io"

Output:

2021-02-01 09:53:30.8967|DEBUG|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Searching certificate by subject name: test.raptor.iotnxt.io using search mode  Both
Certificate with subject name test.raptor.iotnxt.io located
2021-02-01 09:53:30.9562|DEBUG|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Certificate located!

Ignoring the initialize and bootstrap output, the last lines should either indicate a successful discovery of the certificate or failure.

Expanding on command’s arguments and options, the help parameter can be execute by running -h optional parameter after the command indicator I.e. search. See below:

Execute:

raptorpm certificate search -h

Output:

search:
  Search for a X509 certificate in cli tool directory or certificate store by subject name.

Usage:
  raptorpm certificate search [options] <SubjectName>

Arguments:
  <SubjectName>    Subject name of x509 certificate

Options:
  SearchMode, -m <m>    Specify the search mode. [CertificateStore; Directory or Both] [default: Both]
  Verbose, -v           Option to specify if command should be logged in detail
  -?, -h, --help        Show help and usage information

The search command has an argument of subject name and search mode option. The search mode allows us to specify or override the default value of the option during execution. Based on this, the default value for searching a certificate is Both. Let’s update this to only search for a certificate within the certificate store.

Execute:

raptorpm certificate search "test.raptor.iotnxt.io" -m "CertificateStore"

Output:

 09:59:00.2131|DEBUG|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Searching certificate by subject name: test.raptor.iotnxt.io using search 
mode  CertificateStore
2021-02-01 09:59:00.2131|ERROR|IoTnxt.Raptor.Packman.Commands.CertificateManagement.SearchCertificateCommand|Unable to locate certificate System.Exception: Unable to locate certificate

You will notice that the command informs the user on where it is conducting the search and then that the certificate is not located within the device store. This is an expected result from my environment as I do not have have the test.raptor.iotnxt.io certificate installed. However located my Data\Certificate directory as previously mentioned.

The process to create and install the certificates are out of scope of this guide as there are multiple method to create and obtain a certificate. Please see the community site for additional information.