Using the setuptrust command
|Article:HOWTO70341|||||Created: 2012-02-07|||||Updated: 2013-03-01|||||Article URL http://www.symantec.com/docs/HOWTO70341|
You can use the setuptrust command to contact the broker to be trusted, obtain its certificate or details over the wire, and add to the trust repository if the furnished details are trustworthy. The security administrator can configure one of the following levels of security for distributing root certificates:
High security (2): If a previously untrusted root is acquired from the peer (that is, if no certificate with the same signature exists in our trust store), the user will be prompted to verify the hash.
Medium security (1): The first authentication broker will be trusted without prompting. Any attempts to trust subsequent authentication brokers will cause the user to be prompted for a hash verification before the certificate is added to the trusted store.
Low security (0): The authentication broker certificate is always trusted without any prompting. The vssat CLI is located in the authentication service 'bin' directory.
The setuptrust command uses the following syntax:
vssat setuptrust --broker <host[:port]> --securitylevel high
The setuptrust command uses the following arguments:
The broker, host, and port arguments are first. The host and port of the broker to be trusted. The registered port for Authentication is 2821. If the broker has been configured with another port number, consult your security administrator for information.
Article URL http://www.symantec.com/docs/HOWTO70341