Using the procertm utility

If you are using HTTPS for communications with a remote FathomTrendDatabase, you use the demo keystore — demoTrendTrustKeystore.zip — to validate the SSL connection from the Fathom installations that are trending to a remote management console (the location of the FathomTrendDatabase). The Digital Certificate that identifies the Certificate Authority who issued the remote management console's digital certificate must be in the demoTrendTrustKeystore.zip for the validation to succeed.

The demoTrendTrustKeystore.zip file contains a number of trusted root digital certificates for a Fathom demo and common, public Certificate Authorities. It is not typically necessary for you to modify the file; however, the demoTrendTrustKeystore.zip file contains neither the digital certificate for every public Certificate Authority nor certificates for any privately run company Certificate Authority.

You can obtain the distributed list of certificates by running the procertm utility and listing the contents of the demoTrendTrustKeystore.zip file certificate store. You can also use the procertm utility to add any Certificate Authority's root certificate to the demoTrendTrustKeystore.zip, if not already there.

If the remote management console's issuing Certificate Authority is not already present, you must first follow these steps:

Contact the CA who issued the management console's digital certificate and obtain the CA's trusted Root Digital Certificate. This may be returned in either PEM (.0, .txt, or .pem) or DER (.cer or .crt) format.
If the CA root digital certificate is in a PEM format (with a file extension of .0, .txt, or .pem), use the procertm tool to convert it to DER format (identified with a.cer file extension).
Use the procertm tool to import the DER-formatted CA digital certificate into the demoTrendTrustKeystore.zip certificate store.

Managing the trust keystore with procertm

You run the procertm utility from a command line using the following syntax:

Syntax

procertm [options] cert_store

in which:

cert
The path to the digital certificate you want to import, export, or remove. This is used with the -i, -e, and -r options. When importing, the path is relative to the working directory. When exporting or removing digital certificates from cert_store, the path is the full digital certificate path specified in cert_store. Subdirectories should be specified with a forward slash (/). You can use multicharacter (*) and single-character (?) wildcards in the cert filename and file extension.
cert_store
The path to the zip or jar certificate store file. If the certificate store file does not exist, and you are importing digital certificates, a new file is created.

When you run procertm, it performs the options in the following order:

Imports any certificates specified with the -i option from the working directory into cert_store. If a certificate is not found, a warning message displays.
Exports any certificates specified with the -e option from cert_store to the working directory. If a certificate is not found, a warning message displays.
Removes any certificates specified with the -r option from cert_store. If a certificate is not found, a warning message displays.
Shows the resulting cert_store file contents, if the -l option is specified.
Prints any digital certificate list information, if the -p option is specified.

You can provide the following options in any combination and in any order:

-v
Prints verbose information about the progress of the digital certificate's import and export. When used with -l, additional digital certificate field information is printed.
-l
Lists the contents of the cert_store file after all import, export, and remove operations are completed.
-p
Prints the digital certificate list the cert_store contents to the file cert_store.dcl, after all import, export and remove operations are completed.
-i cert
Imports certificate file(s) matching cert to cert_store from the working directory. The cert_store file is created as required. You can specify this option multiple times. See the definition of cert.
-e cert
Exports the certificate file(s) matching cert from cert_store to the working directory. Any subdirectories are created if required. You can specify this option multiple times. See the definition of cert.
-r cert
Removes the certificate file(s) matching cert from cert_store. You can specify this option multiple times. See the definition of cert.
-d
Sets the working directory path where certificates are imported from or exported to. The default is the current working directory.

Converting digital certificates with procertm

You can use the procertm utility to convert digital certificates between .DER and .PEM file formats. To convert files from one file format to the other, use the following command line syntax:

Syntax

procertm -c in_cert out_cert

in which:

in_cert
The digital certificate whose file format you want to convert.
out_cert
The file format to which you want to convert the digital certificate. Procertm performs the conversion based on the file-extension type. For example, if in_cert has a file extension type of .crt and out_cert has a file extension type of .pem, in_cert is converted from .der to .pem format and written to the file out_cert.