global-trusted-ca

The global-trusted-ca command creates individual global trusted root CA stores that you can apply to one or more tls-profiles. You can also use this command to import certificates directly to new global trusted root CA stores, and generate reports on the contents of these stores.

Syntax

The syntax for global-trusted-ca follows.

ORACLE# global-trusted-ca [ca-bundle add <all(default): 
list (comma separated list of Organization Names) | show [list-brief : list-detail] ]
 | [import-X509 <certificate-record name>] <global-trusted-ca name>

Arguments

<ca-bundle>—Specifies how to create or display your local global-trusted-ca.

  • ca-bundle
    • add—Arguments include:
      • <all> (default)—Creates global-trusted-ca using all the valid certificates in the ca-bundle.crt file. You specify a name to create a new global-trusted-ca with the entire list.
      • <list of organization names>—Creates global-trusted-ca using only the certificates in the ca-bundle.crt file that are associated with the one or more organization names listed in the command. The system creates certificate-records only for the certificates that belong to those organization names. Specify the organization names as a comma-separated list.
      • global-trusted-ca name—Specifies the name of your new global trusted root CA.
    • show—Additional required arguments include:
      • <list-brief>—Lists all of the Organization Names that are responsible for issuing and managing CA certificates available in the certificate bundle installed on your system.
      • <list-detail> Organization Name—Lists all of the certificates, with details, within the ca-bundle.crt file that apply to the Organization Name you specify and are installed on your system.

      Note:

      Neither the list-brief nor the list-detail argument of show requires admin rights.
  • import-X509—Allows you to simultaneously import a new certificate and add that certificate to a new global-trusted-ca. The system names this new global-trusted-ca using the name you provide, or displays an error if that global-trusted-ca name already exists. When you initiate the command, the system prompts you to enter the certificate in PEM format, then terminate your entry with a semicolon ";". Arguments include:
    • certificate-record name—Specifies the certificate-record name to which you are importing.
    • global-trusted-ca—Specifies the name of your new or existing global trusted root CA.

Mode

Superuser

Example

ORACLE# global-trusted-ca ca-bundle add all MyCAList2
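
Because add all trusts every valid certificate in the bundle, it helps to review which organizations a bundle contains before choosing between all and an organization list. The following script is an added example, not Oracle code and not part of the ACLI: it runs on a workstation with openssl installed, and it assumes you have a PEM copy of the bundle and that Organization Name corresponds to the subject O attribute. The function names, the 90-day look-ahead and the sample certificates are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Oracle code. Assumes a local PEM copy of the bundle and
# that "Organization Name" means the subject O attribute of each certificate.

# Print "<Organization>|<ok or expiring>" for every certificate in bundle $1.
# $2 is the look-ahead in days for the "expiring" flag (default 90, arbitrary).
bundle_orgs() {
  local bundle=$1 days=${2:-90} tmp f org state
  tmp=$(mktemp -d) || return 1
  # Split the bundle into one file per certificate.
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { if (f) close(f); f = d "/" (++n) ".pem" }
    f { print > f }' "$bundle"
  for f in "$tmp"/*.pem; do
    [ -e "$f" ] || continue
    org=$(openssl x509 -in "$f" -noout -subject -nameopt multiline |
          sed -n 's/^ *organizationName *= //p' | head -n 1)
    # -checkend exits non-zero if the certificate expires within N seconds.
    if openssl x509 -in "$f" -noout -checkend $((days * 86400)) >/dev/null; then
      state=ok
    else
      state=expiring
    fi
    printf '%s|%s\n' "${org:-<no O attribute>}" "$state"
  done
  rm -rf "$tmp"
}

# Constructed sample input: three throwaway self-signed roots appended to $1.
make_sample_bundle() {
  local out=$1 key spec
  key=$(mktemp) || return 1
  : > "$out"
  for spec in "Example Org A:3650" "Example Org A:30" "Example Org B:3650"; do
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" \
      -days "${spec##*:}" -subj "/O=${spec%%:*}/CN=Constructed Root" \
      2>/dev/null >> "$out"
  done
  rm -f "$key"
}

# Demo: certificate count per organization and state for the sample bundle.
sample=$(mktemp)
make_sample_bundle "$sample"
bundle_orgs "$sample" | sort | uniq -c
rm -f "$sample"
```

Run against a real bundle, the per-organization counts show how many roots an organization list would pull in compared with add all.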