The DASCLI certstates command displays the state of all certificates that have a certificate state other than unapproved.
Authentication is required to use this command.
Parameters
dascli certstates
Output
This command provides the following information:
- Internal ID, which is the ID of the certificate in the agent cache.
- Certificate hash, which is a SHA-256 hash of the certificate BLOB. The certificate hash is internal to Carbon Black App Control and not reflected in any of the certificate properties.
- Publisher hash, which is the hash of the publisher for this certificate. The agent does not get publisher names from the server. The names are obfuscated so that the list of all publishers SRS trusts cannot be trivially looked up.
- State, which is the state of the certificate. The values are: Approved, Banned, Approved by Policy, or Banned by Policy.
- Flags, which is currently not used.
- CLVer, which is the configuration list version that resulted in this certificate state.