certget retrieves a single certificate from the local LDAP repository.
certget {-f file | [-b | -t]} tag [username]
The certget command retrieves a single certificate at a time from the local LDAP repository. To retrieve all the certificates for a user, first use the certlist command to obtain a list of the certificates, then perform the certget operation on each certificate in the list.
If the -f option is used, the certificate shall be written in binary format to the named file. Otherwise the certificate is output to stdout either in binary or hexadecimal. If the -b option is given, binary output is used (default). If the -t option is given, hexadecimal output is used. Certificates are output in DER format.
The tag parameter uniquely selects one of the user's certificates. The username parameter specifies which AIX user is to be queried. If invoked without the username parameter, this command uses the name of the current user.
-f | Specifies the file in which the DER-encoded certificate will be stored. |
-b | Specifies the format of the certificate data to be binary. |
-t | Specifies the format of the certificate data to be hexadecimal. |
0 | If successful. |
EINVAL | If the command is ill-formed or the arguments are invalid. |
ENOENT | If a) the user does not exist, b) the tag does not exist, or c) the file does not exist. |
EIO | If unable to create/modify LDAP entry. |
ENOCONNECT | If the service is not available. |
errno | If system error. |
This command can be executed by anyone to retrieve a certificate belonging to a user from the local repository.
This command records the following event information:
CERT_Get <username>
$ certget -f cert.der signcert bob
$ certget -t signcert > cert.der
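A check for the -t hexadecimal output described above, as an added example that is not part of the original documentation: it confirms that the hex text encodes exactly one complete DER SEQUENCE before the certificate is passed to another tool. It assumes the hex output is plain hex digits, optionally separated by whitespace; der_hex_check is a hypothetical helper name and the sample bytes are constructed.

```shell
# Added example. Assumption: `certget -t` prints plain hex digits,
# optionally separated by whitespace (the page does not specify the layout).
# der_hex_check reads hex on stdin and returns 0 only if it is one whole DER SEQUENCE.
der_hex_check() {
    hex=$(tr -d ' \t\r\n' | tr 'a-f' 'A-F')
    case $hex in
        ''|*[!0-9A-F]*) return 1 ;;          # empty input or a non-hex character
    esac
    total=$(( ${#hex} / 2 ))                 # number of bytes represented
    [ $(( ${#hex} % 2 )) -eq 0 ] && [ "$total" -ge 2 ] || return 1
    # A certificate is an ASN.1 SEQUENCE, so the first byte must be 0x30.
    [ "$(printf '%s' "$hex" | cut -c1-2)" = 30 ] || return 1
    first=$(( 0x$(printf '%s' "$hex" | cut -c3-4) ))
    if [ "$first" -lt 128 ]; then
        hdr=2; len=$first                    # short form: the byte is the length
    else
        n=$(( first - 128 ))                 # long form: n length bytes follow
        # DER forbids the indefinite form (n = 0); n is capped at 4 here.
        [ "$n" -ge 1 ] && [ "$n" -le 4 ] && [ "$total" -ge $(( 2 + n )) ] || return 1
        # DER requires the shortest encoding: no leading zero byte, length >= 128.
        [ "$(printf '%s' "$hex" | cut -c5-6)" != 00 ] || return 1
        len=$(( 0x$(printf '%s' "$hex" | cut -c5-$(( 4 + 2 * n ))) ))
        [ "$len" -ge 128 ] || return 1
        hdr=$(( 2 + n ))
    fi
    # Header plus declared content must account for every byte: no truncation, no trailer.
    [ $(( hdr + len )) -eq "$total" ]
}

# Constructed sample: a tiny DER SEQUENCE (not a real certificate).
# On AIX the input would instead come from: certget -t signcert bob | der_hex_check
sample='30 03 02 01 05'
if printf '%s\n' "$sample" | der_hex_check; then
    echo "complete DER object"
else
    echo "rejected: not a single complete DER SEQUENCE"
fi
```

The check covers only the outer tag and length, so it catches truncated or padded output but does not validate the certificate contents.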
/usr/lib/security/pki/acct.cfg
The certadd, certcreate, certdelete, certlink, certlist, certrevoke, certverify, keyadd, keydelete, keylist, keypasswd, and mksecpki commands.