CERTMGR User Commands
certmgr - TLS/SSL Certificate Management
JNIOR network connections support TLS v1.02 security. This insures that
information passed over the connection is encrypted and unreadable. Most
importantly this protects usernames and passwords which are normally
required to gain access to the JNIOR.
A Certificate is required during TLS negotiation. This not only verifies
the identity of the JNIOR but also passes public key information. The
CERTMGR command performs a number of functions related to keys and
By default the JNIOR generates a unique and secret key pair. It then
creates a self-signed certificate for use in negotiating a TLS connection.
Verifies the current active keys and the associated certificate.
Regenerates the self-signed certificate. If FILE is specified an
externally generated certificate is installed. This must be in PEM
Adds an intermediate certificate. The FILE must be in PEM format.
Validates the digital signature on the certificate in FILE.
Installs an RSA key pair from the FILE. The key file can be encrypted
and the command will prompt for the password.
Dumps the current certificate or if FILE is specified the certificate
within the file. This formats the ASN.1 content in a somewhat
Exports the current certificate to the FILE in PEM format. Note that
the resulting file can be added to your computer's trusted certificate
store allowing your browser to trust the JNIOR. This avoids warning
This exports the current Public Key to FILE. The Private Key is secret
and cannot be exported.
Performs the certificate export in binary format. This option is used
in conjunction with the -E export option.
Generates a new RSA Key Pair. This requests that a new key pair be
generated and this is performed as a background process. By default
a 1,024 bit key pair is generated. The optional BITS parameter can
define a different bit length. Note that only a limit range of key
sizes are possible.
This generates a Certificate Signing Request (CSR) from the installed
RSA Key Pair. A CSR can be provided to a suitable Certificate
Authority (CA) for signature. The resulting signed certificate can
then be installed with the -C FILE option. The JNIOR would then be
trusted by browsers.
Restore default credentials. The JNIOR is shipped with a temporary
512 bit RSA key pair. Once up an running the JNIOR will generate a
1,024 bit key pair as a background task. This option resets the key
pair and repeats that process.
When IP addressing or the hostname is changed the JNIOR will automatically
generate a new self-signed certificate.