Check Validity and Mapping on Windows

You can test whether a user or server certificate is valid and determine which identities are allowed to authenticate with that certificate. To be valid, a certificate must be signed by a trusted CA (one that is a member of a chain of trust that extends to a trust anchor that you have configured) and it must pass all other validation checks (for example, it must not be expired or revoked and all required intermediate certificates must be available).

NOTE: The certificate validation test applies only to end-entity certificates, not CA certificates. Valid CA-signed root and intermediate certificates will not pass the validation test.

To test certificates from the console

  1. Start the PKI Services Manager console:

    Programs > Attachmate Reflection > Utilities > PKI Services Manager

  2. From the Utility menu, select Test Certificate.

  3. Click Browse.

  4. Select a certificate location, then click Browse to select an available certificate from that location.

  5. Click Test.

To test certificates from the command line

  1. Open a DOS command window and navigate to the program folder. The default is:

    64-bit systems: C:\Program Files (x86)\Attachmate\ReflectionPKI

    32-bit systems: C:\Program Files\Attachmate\ReflectionPKI

  2. Use winpki validate to test certificates. Refer to these examples:

    | To | Use this command |
    | --- | --- |
    | Check if the certificate test.cer is valid. | winpki validate \path\test.cer |
    | Check if the certificate is valid and if the server abc.com can authenticate with test.cer. | winpki validate \path\test.cer -t abc.com |
    | Check if the certificate is valid and if the user joe can authenticate with test.cer. | winpki validate \path\test.cer -u joe |
    | See which identities can authenticate with test.cer. | winpki validate \path\test.cer -w |
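
To apply the command-line procedure above to a whole folder, the following PowerShell script is an added example, not part of the original documentation or the product. It skips CA certificates (which the note above says do not pass the test), flags expired ones, and runs winpki validate with -w on the rest. Assumptions: the folder C:\certs and the executable name winpki.exe are hypothetical, the program folder is the 64-bit default given above, and the command output is shown as-is because its format is not described here.

```powershell
# Added example: triage a folder of .cer files, then run "winpki validate <cert> -w"
# on the end-entity certificates only.
param(
    [string]$CertFolder = 'C:\certs',   # hypothetical folder holding the certificates to test
    [string]$PkiDir     = 'C:\Program Files (x86)\Attachmate\ReflectionPKI'  # 64-bit default from this page
)

$winpki = Join-Path $PkiDir 'winpki.exe'   # assumed executable name behind the winpki command
if (-not (Test-Path $winpki)) { throw "winpki not found in $PkiDir" }

$results = foreach ($file in Get-ChildItem -Path $CertFolder -Filter *.cer) {
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($file.FullName)
    } catch {
        # Not a parseable certificate file: record it and move on.
        [pscustomobject]@{ File = $file.Name; Kind = 'unreadable'; Expired = $null
                           Subject = $null; Output = $_.Exception.Message }
        continue
    }

    # A certificate is treated as a CA certificate when its Basic Constraints
    # extension has the CA flag set. Old v1 roots without the extension are
    # not detected by this check and will be passed to winpki.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    $isCa = [bool]($bc -and $bc.CertificateAuthority)

    if ($isCa) {
        # Per the note above, root and intermediate certificates fail the test by design.
        $output = 'skipped: CA certificate, the validation test applies to end-entity certificates only'
    } else {
        # -w lists the identities allowed to authenticate with this certificate.
        $output = (& $winpki validate $file.FullName -w 2>&1 | Out-String).Trim()
    }

    [pscustomobject]@{
        File    = $file.Name
        Kind    = if ($isCa) { 'CA' } else { 'end-entity' }
        Expired = $cert.NotAfter -lt (Get-Date)   # expired certificates are expected to fail validation
        Subject = $cert.Subject
        Output  = $output
    }
}

$results | Format-List
```

On a 32-bit system, pass the other default folder listed above with -PkiDir.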