Managing SSL certificates
A secure connection is established to a CLC Server by supplying the relevant port number, usually 8443, to the clcserver command. E.g.
clcserver -S <servername> -U <username> -W <passcode> -P 8443
The clcserver command uses SSL if it is present on the port it connects to.
If the server certificate is untrusted, the connection will not be established and login will fail with the message: SSL Handshake failed. Check certificate.
To specify that the certificate should be trusted, it must be added to the CLC Server Command Line Tools truststore. To do this, run the clcserversslstore tool with the relevant connection details, e.g.
clcserversslstore -S server.com -U bob -W secret -P 8443
The details of the certificate are then displayed, and the option to add the certificate to the truststore (y) or not to do so (n) is provided.
The server (server.com) presented an untrusted certificate with the following attributes: SUBJECT ======= Common Name : server.com Alternative Names : N/A Organizational Unit: Enterprise Organization : QIAGEN Locality : Aarhus N State : N/A Country : DK ISSUER ======= Common Name : server.com Organizational Unit: Enterprise Organization : QIAGEN Locality : Aarhus N State : N/A Country : DK FINGERPRINTS ============ SHA-1 : 21 34 6E 8D 9B 01 33 B5 D6 40 73 56 7A 2F 87 A7 EE 3C 21 44 SHA-256 : E5 7F F3 19 8A C1 53 16 00 39 EC F6 65 B3 15 AD 6F 71 DC 2C 8E D0 D9 91 54 DD AE 40 34 A9 0B F2 VALIDITY PERIOD =============== Valid From : 4 Apr 2024 Valid To : 4 Apr 2025 Trust this certificate? [yn]
After the certificate is added to the CLC Server Command Line Tools truststore, the clcserver tool can be used to connect securely to the CLC Server.
Add the -L flag to the clcserversslstore command, along with the connection information, to list the certificates trusted by the CLC Server Command Line Tools.