Managing SSL certificates

The clcserver command will automatically detect and use SSL if present on the port it connects to. However, if the certificate is untrusted it will refuse to login. In order to connect to a server, its certificate must be added to the trust-store by using the clcserversslstore utility.

When invoking clcserversslstore it is possible to both list and add new certificates to the trust-store. Certificates are added by providing the program with the connection information (via the -S, -P, -U, and -W parameters):

clcserversslstore -S server.com -U bob -W secret -P 7778

If the port connected to is indeed an SSL-enabled port, the program will ask if the certificate should be trusted for future clcserver invocation:

The server (server.com) presented an untrusted certificate with the
following attributes:
SUBJECT
=======
Common Name        : server.com
Alternative Names  : N/A
Organizational Unit: Enterprise
Organization       : CLC Bio
Locality           : Aarhus N.
State              : N/A
Country            : DK
ISSUER
=======
Common Name        : server.com
Organizational Unit: Enterprise
Organization       : CLC Bio
Locality           : Aarhus N.
State              : N/A
Country            : DK
FINGERPRINTS
============
SHA-1              : A5 F6 8D C4 F6 F3 C2 44
SHA-256            : 49 B5 0B 04 3C 3A A1 E2 D1 BF 87 10
VALIDITY PERIOD
===============
Valid From         : Sep 1, 2011
Valid To           : Aug 31, 2012
Trust this certificate? [yn]

Answering y to this will record the certificate in the trust-store, and allow subsequent clcserver invocation to connect to the server.

It is possible to list the trusted certificates by invoking the clcserversslstore program with the -L argument.