Managing SSL certificates
The clcserver command will automatically detect and use SSL if present on the port it connects to. However, if the certificate is untrusted, it will refuse to log in. In order to connect to a server, its certificate must be added to the trust-store by using the clcserversslstore utility.
When invoking clcserversslstore it is possible to both list and add new certificates to the trust-store. Certificates are added by providing the program with the connection information (via the -S, -P, -U, and -W parameters):
clcserversslstore -S server.com -U bob -W secret -P 7778
If the port connected to is indeed an SSL-enabled port, the program will ask if the certificate should be trusted for future clcserver invocations:
The server (server.com) presented an untrusted certificate with the following attributes:

SUBJECT
=======
Common Name        : server.com
Alternative Names  : N/A
Organizational Unit: Enterprise
Organization       : CLC Bio
Locality           : Aarhus N.
State              : N/A
Country            : DK

ISSUER
=======
Common Name        : server.com
Organizational Unit: Enterprise
Organization       : CLC Bio
Locality           : Aarhus N.
State              : N/A
Country            : DK

FINGERPRINTS
============
SHA-1              : A5 F6 8D C4 F6 F3 C2 44
SHA-256            : 49 B5 0B 04 3C 3A A1 E2 D1 BF 87 10

VALIDITY PERIOD
===============
Valid From         : Sep 1, 2011
Valid To           : Aug 31, 2012

Trust this certificate? [yn]
Answering y to this will record the certificate in the trust-store, and allow subsequent clcserver invocations to connect to the server.
It is possible to list the trusted certificates by invoking the clcserversslstore program with the -L argument.
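The trust prompt shown earlier is only as good as the fingerprint comparison made before answering y, so the following added example (not part of the CLC tools or the original page) compares the SHA-256 fingerprint a server presents with one obtained out-of-band from the server administrator. It assumes the openssl command is installed and that the port speaks TLS directly; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check a certificate fingerprint before trusting it in
# clcserversslstore. Function names are illustrative, not CLC tooling.

# Reduce a fingerprint to bare uppercase hex so that "49 B5 0B",
# "49:b5:0b" and "49B50B" all compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# Succeed only if the expected value is a complete SHA-256 fingerprint
# (64 hex digits) and the observed value is identical to it. A shortened
# or empty fingerprint never matches.
fp_matches() {
    expected=$(normalize_fp "$1")
    actual=$(normalize_fp "$2")
    [ "${#expected}" -eq 64 ] && [ "$expected" = "$actual" ]
}

# Print the SHA-256 fingerprint of the certificate presented on HOST:PORT.
# The "...Fingerprint=" prefix is stripped first because it contains
# characters that would otherwise be mistaken for hex digits.
presented_fp() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//'
}

# check_server HOST PORT EXPECTED_FINGERPRINT
check_server() {
    seen=$(presented_fp "$1" "$2")
    if fp_matches "$3" "$seen"; then
        echo "MATCH: certificate on $1:$2 has the expected fingerprint"
    else
        echo "MISMATCH or incomplete fingerprint for $1:$2: do not answer y" >&2
        return 1
    fi
}
```

Run `check_server server.com 7778 "<SHA-256 fingerprint from the administrator>"` and answer y at the clcserversslstore prompt only if it reports a match and the prompt shows the same fingerprint.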