vhsm pki verify-sign
Learn to verify if the issuer has signed the certificate
The vhsm pki verify-sign
command verifies whether the listed issuer has signed the listed issued certificate.
Usage
vhsm pki verify-sign <parent> <child>
<parent>
: The fully name-spaced path to the issuer certificate used to verify the<child>
certificate.<child>
: The fully name-spaced path to the potential child certificate to be verified.
A fully namespaced path looks like:
ns1/mount1/issuer/issuerName/json
Output fields
signature_match
Indicates if the key of the issuer was used to sign the issued certificate.
path_match
Checks if the possible issuer appears in the valid certificate chain of the issued certificate.
key_id_match
Verifies if the key ID of the issuer matches the key ID of the subject.
subject_match
Determines if the subject name of the issuer matches the issuer subject of the issued certificate.
trust_match
If someone trusted the parent issuer, verifies whether the provided chain is sufficient to trust the child issued certificate.
Example
vhsm pki verify-sign pki_root/issuer/root pki_int/issuer/FirstDepartment
Output
issuer:pki_root/issuer/root
issued:pki_int/issuer/FirstDepartment
field value
----- -----
subject_match true
path_match true
trust_match true
key_id_match true
signature_match true
Last updated
Was this helpful?