vhsm pki verify-sign

Learn how to verify whether an issuer has signed a certificate

The vhsm pki verify-sign command verifies whether the listed issuer has signed the listed issued certificate.

Usage

vhsm pki verify-sign <parent> <child>
  • <parent>: The fully name-spaced path to the issuer certificate used to verify the <child> certificate.

  • <child>: The fully name-spaced path to the potential child certificate to be verified.

A fully name-spaced path looks like:

ns1/mount1/issuer/issuerName/json

Output fields

Field              Description
-----              -----------
signature_match    Indicates if the key of the issuer was used to sign the issued certificate.
path_match         Checks if the possible issuer appears in the valid certificate chain of the issued certificate.
key_id_match       Verifies if the key ID of the issuer matches the key ID of the subject.
subject_match      Determines if the subject name of the issuer matches the issuer subject of the issued certificate.
trust_match        If someone trusted the parent issuer, verifies whether the provided chain is sufficient to trust the child issued certificate.

Example

vhsm pki verify-sign pki_root/issuer/root pki_int/issuer/FirstDepartment

Output

issuer:pki_root/issuer/root
issued:pki_int/issuer/FirstDepartment

field              value
-----              -----
subject_match      true
path_match         true
trust_match        true
key_id_match       true
signature_match    true
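
For scripted use, the table above can be checked fail-closed. This is an added example, not part of the vhsm tooling or its documentation: the function name `verify_sign_gate` and the second sample are constructed here, and it assumes the output keeps the two-column layout shown above.

```shell
#!/bin/sh
# Fail-closed gate over the table printed by `vhsm pki verify-sign`.
# Reads that output on stdin, prints one FAIL line per required field that is
# missing or not "true", and returns 0 only when all five fields are true.
verify_sign_gate() {
  awk '
    BEGIN {
      n = split("subject_match path_match trust_match key_id_match signature_match", req, " ")
    }
    # Result rows have exactly two columns: a *_match field and its value.
    NF == 2 && $1 ~ /_match$/ { seen[$1] = $2 }
    END {
      bad = 0
      for (i = 1; i <= n; i++) {
        f = req[i]
        if (!(f in seen))           { printf "FAIL %s: missing from output\n", f; bad = 1 }
        else if (seen[f] != "true") { printf "FAIL %s: %s\n", f, seen[f]; bad = 1 }
      }
      exit bad
    }'
}

# Sample 1: the output shown on this page.
sample_ok='issuer:pki_root/issuer/root
issued:pki_int/issuer/FirstDepartment

field              value
-----              -----
subject_match      true
path_match         true
trust_match        true
key_id_match       true
signature_match    true'

# Sample 2 (constructed for illustration): signature_match flipped to false
# and the trust_match row removed, to exercise both failure modes.
sample_mismatch=$(printf '%s\n' "$sample_ok" |
  sed -e 's/^signature_match .*/signature_match    false/' -e '/^trust_match/d')

for s in "$sample_ok" "$sample_mismatch"; do
  if printf '%s\n' "$s" | verify_sign_gate; then
    echo "accept: issuer relationship confirmed"
  else
    echo "reject: do not treat the parent as the issuer of this certificate"
  fi
done
```

In a pipeline, `vhsm pki verify-sign <parent> <child> | verify_sign_gate` also rejects when the command prints nothing, since every required field is then missing.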
