Certificate Authority process tell commands
This table describes additional Tell commands you can use with the IBM® Lotus® Domino™ CA process.
CommandResult
tell ca quitStops CA process.
tell ca statDisplays summary information for the certifiers using the CA process; this includes the certifier's number, its hierarchical name, certifier type (IBM® Lotus® Notes® or Internet), whether it is active, and name of the ICL database.
tell ca show queue certifier numberDisplay a list of pending certificate requests, revocation requests, and configuration modification requests for a specific certifier, using its number from the results of the "tell ca status" command. You can also use * to show this information for all certifiers that are using the CA process.
tell ca activate certifier number passwordActivate a certifier if the certifier is created with "Require password to activate certifier," or use this for any certifier that has been deactivated. Activation is enabled during CA setup and creation. Activate a specific certifier by entering its number from the results of the 'tell ca status' command. Or you can actually unlock all server ID/password-protected certifiers at one time with this command, if you specify "*" for the certifier number. The CA process then prompts you for the password for each certifier.
tell ca deactivate certifier number Deactivate a certifier. You will need to activate it again in order for it to process any request. Use * to deactivate everything, or deactivate a specific certifier by entering its number from the results of the 'tell ca status' command.
tell ca lock idfileLock all certifiers that were set up with a lock ID, as specified during CA setup.
tell ca unlock idfile passwordUnlock all certifiers using the ID and password that comprise the lock ID. The lock ID is specified during CA setup.
tell ca CRL issue certifier numberIssue a non-regular (immediate) CRL for a specific certifier, where certifier number is the number of the certifier specified in the results of the "tell ca status" command.
tell ca CRL push certifier numberPush a certifier's latest regularly scheduled CRL to the Domino Directory, where certifier number is the number of the certifier specified in the results of the "tell ca status" command.
tell ca CRL info certifier number [s/S/n/N]Display CRL information for a specified certifier, where certifier number is the number of the certifier specified by the 'tell ca status' command. Use s or S for regularly scheduled CRLs, and n or N for non-regularly scheduled (immediate) CRLs.
tell ca refreshForce the CA process to refresh its list of certifiers. As a result:
  • newly configured certifiers will be added to the CA process
  • previously unlocked certifiers will need to be unlocked again
  • previously activated certifiers may need to be activated again, if the activation password has changed
  • the Notes certifier ID file in idstorage will be updated with the latest certificate information
tell ca helpList tell ca options