Description of WCM commands

 

LIST

The outcome of the LIST command displays:

  • the server on which the search was performed (e.g. http-server);

  • the date and time at which the search was performed (e.g. 2016-02-02 12:33);

  • the expiry date and time of the certificate (e.g. 2040-01-01 00:59);

  • the type of certificate hash algorithm (e.g. sha256RSA);

  • the name of the certificate domain (e.g. CN= YTWIN2012R2.DEV.doxense.local).

SHOW

The following information is displayed after the LIST command:

  • ChampVersion: X.509 version of the certificate;

  • Subject: CN, Simple Name and DNS Name of the server associated with the certificate;

  • Issuer: CN, Simple Name and DNS Name of the certificate issuer;

  • Serial Number: serial number of the certificate;

  • Not Before: date and time of start of certificate validity;

  • Not After: date and time of end of certificate validity;

  • Thumbprint: certificate hash;

  • Signature Algorithm: algorithm used to sign the certificate;

  • Public Key: public key;

  • Private Key: private key;

  • Extensions: certificate extensions.

 

Checks performed to establish certificate validity:

  • OK! (green): no problems were detected

  • /!\ (yellow): warning

  • /!\ (red): error and possible cause of an anomaly encountered with this certificate.


 

Points checked:

  • Date of certificate validity;

  • Self-signed certificate: the issuer has signed the certificate itself. This is Watchdoc's default setting;

  • Signature algorithm: if the algorithm used is recognised as obsolete, a warning is displayed;

  • Algorithm and key size;

  • Certificate validity outcome.
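The points checked above can be expressed as a small evaluation routine. The following is an added example, not WCM's own code: the severities, the list of obsolete hashes, the 2048-bit minimum and the field names of the input dictionary are assumptions, and the sample certificate is constructed from the example values in the LIST section.

```python
from datetime import datetime

# Assumed policy; the page does not give WCM's own thresholds or severities.
OBSOLETE_HASHES = ("md2", "md4", "md5", "sha1")
MIN_RSA_BITS = 2048                      # matches the CREATE default
RANK = {"OK": 0, "WARNING": 1, "ERROR": 2}
DATE_FMT = "%Y-%m-%d %H:%M"              # date format shown in the LIST output

def norm(name):
    """Compare distinguished names ignoring case and spacing."""
    return name.replace(" ", "").lower()

def check_certificate(cert, now):
    """Run the four checks on SHOW-style fields; return (outcome, findings)."""
    findings = []
    start = datetime.strptime(cert["not_before"], DATE_FMT)
    end = datetime.strptime(cert["not_after"], DATE_FMT)
    if now < start:
        findings.append(("ERROR", "not valid before " + cert["not_before"]))
    elif now > end:
        findings.append(("ERROR", "expired on " + cert["not_after"]))
    else:
        findings.append(("OK", "within validity period"))

    # Heuristic: subject == issuer. A strict check also verifies the
    # signature against the certificate's own public key.
    if norm(cert["subject"]) == norm(cert["issuer"]):
        findings.append(("WARNING", "self-signed certificate"))
    else:
        findings.append(("OK", "issued by " + cert["issuer"]))

    algo = cert["signature_algorithm"]
    if algo.lower().startswith(OBSOLETE_HASHES):
        findings.append(("WARNING", "obsolete signature algorithm " + algo))
    else:
        findings.append(("OK", "signature algorithm " + algo))

    if cert["key_bits"] < MIN_RSA_BITS:
        findings.append(("WARNING", "RSA key of %d bits" % cert["key_bits"]))
    else:
        findings.append(("OK", "RSA key of %d bits" % cert["key_bits"]))

    # The overall outcome is the most severe individual finding.
    outcome = max((s for s, _ in findings), key=RANK.get)
    return outcome, findings

# Constructed sample reusing the example values from the LIST section.
SAMPLE = {"subject": "CN=YTWIN2012R2.DEV.doxense.local",
          "issuer": "CN= YTWIN2012R2.DEV.doxense.local",
          "not_before": "2016-01-01 00:59", "not_after": "2040-01-01 00:59",
          "signature_algorithm": "sha256RSA", "key_bits": 2048}
```
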

CREATE <certificate ID>

After creating the certificate, the following information must be entered:

  • Primary Host Name: use the server's host name;

  • More IP or DNS (use ';' as a separator): additional IP addresses or DNS names can be added; the hostname and IP address are specified by default;

  • Expiration date ('yyyy-mm-dd')?: the expiration date can be entered (by default, today's date + 10 years);

  • RSA Key Size (2048 by default): the RSA key size can be entered in bits (2048 bits by default);

  • a summary of the certificate characteristics is then displayed. Enter a to cancel, n to reject or y to confirm:

    • a: certificate creation is halted;

    • n: you are asked for the creation information again;

    • y: the certificate is created.

 

The certificate's PRIVATE Key is displayed in red, the certificate's PUBLIC Key is displayed in green, and the Certificate Signing Request is displayed in cyan.

Saving the certificate requires it to be stored in Watchdoc's installation folder. Remember to start WCM with a profile having the necessary rights.

TEST [URI] [protocol]

  • URI: if the URI is not entered, WCM uses the following value: https://127.0.0.1:5753/

  • protocol: if no value is entered, WCM uses Watchdoc's values. Only one protocol option can be entered. The following possible values can be used:

    • --ssl2 : SSL v2 only

    • --ssl3 : SSL v3 only

    • --tls10 : TLS 1.0 only

    • --tls11 : TLS 1.1 only

    • --tls12 : TLS 1.2 only

    • --weak : SSLv2 and SSLv3

    • --strong : TLS 1.0, 1.1 and 1.2

    • --all : All protocols

(See SHOW command for more information on the fields displayed).

SERVER [port|IP:port [certificate ID] ] [protocol]

  • protocol:

    • --ssl2 : SSL v2 only

    • --ssl3 : SSL v3 only

    • --tls10 : TLS 1.0 only

    • --tls11 : TLS 1.1 only

    • --tls12 : TLS 1.2 only

    • --weak : SSLv2 and SSLv3

    • --strong : TLS 1.0, 1.1 and 1.2

    • --all : All protocols

Example with the following command: server 5753 acme

Note: port 5753 is used by Watchdoc; the service should therefore be stopped before running the command.

  • If the following address is entered in the web browser: https://NomDeMonServeur:5753, WCM displays the following outcome:

  • The following outcome is displayed in the browser: