certget retrieves a single certificate from local LDAP repository.
certget {-f file | [-b | -t]}tag [username]
The certget command retrieves a single certificate from the local LDAP repository. This command retrieves a single certificate at a time. If the invoker wishes to retrieve all the certificates for a user, the certlist command may be used to first to obtain a list of the certificates and then perform the certget operation on the certificate list.
If the -f option is used, the certificate shall be written in binary format to the named file. Otherwise the certificate is output to stdout either in binary or hexadecimal. If the -b option is given, binary output is used (default). If the -t option is given, hexadecimal output is used. Certificates are output in DER format.
The tag parameter uniquely selects one of the user's certificates. The username parameter specifies which AIX® user is to be queried. If invoked without the username parameter, the certdelete command uses the name of the current user.
| Item | Description |
|---|---|
| -f | Specifies the file that the DER encoded certificate will be stored. |
| -b | Specifies the format of the certificate data to be binary. |
| -t | Specifies the format of the certificate data to be hexadecimal. |
| Item | Description |
|---|---|
| 0 | If successful. |
| EINVAL | If the command is ill-formed or the arguments are invalid. |
| ENOENT | If a) the user doesn't exist, b) the tag does not exist c) the file does not exist. |
| EIO | If unable to create/modify LDAP entry. |
| ENOCONNECT | If the service is not available. |
| errno | If system error. |
This command can be executed by anyone to retrieve a certificate belonging to a user from the local repository.
Audit
This command records the following event information:
CERT_Get <username>
$ certget -f cert.der signcert bob$ certget -t signcert > cert.der/usr/lib/security/pki/acct.cfg