If it is suspected that the relation between the Certificates and Subjects table is corrupted in the Smart ID Certificate Manager database, you can use
subjectstool, to check the contents of the Subjects table against values that are created by this tool from the actual certificates in the CMDB.
The program is located in the <install_root>/tools directory relative to where CM is installed.
check is used to check the contents of the Subjects table against values that are created by this tool from the actual certificates in the CMDB. The output file will contain all Subject entries that differ, or are missing. If no differences are found, the output file is empty.
csv is used to output the data that the tool creates for the Subjects table for each certificate entry in the Certificates table to a CSV file. Review the CSV file to verify the data. The optional argument
-delim can be used to decide the delimiter to use in the CSV file. Default is ";".
db is used to write the Subjects data created by this tool from the certificates in the CMDB into the Subjects table. This requires that all entries in the Subjects table has been deleted prior to running the command. This tool will not delete any data from the Subjects table. It only does insertions.
The suggested order to run the commands in is
csv and lastly if needed
These are the limitations for
- It only handles Subjects for X.509 certificates.
- It does not handle entries in the ExtendedCertSearch table. If that table is used, do not use this tool.
- Subjects which have been marked for removal for GDPR reasons may be recreated.
- It does not handle officers connected to subject. If such officers are used, change their profiles to use dynamic token before using this tool. After the
dbcommand has been executed, ALL officers should be resigned, even those not connected to a subject entry number.
Example 1 - check Subjects table
Example 2 - generate CSV file
Example 3 - update CMDB
Use the following environment variable to configure
(optional) Specifies a directory where the CM configuration is installed, usually referred to as <configuration_root>. Specifying this environment variable allows the program to use database connection details from cm.conf if placed in a nonstandard location.
If this environment variable is not specified, and the program is placed in the default directory of <install_root>/tools, the program will automatically find the CM configuration and the database connection details.
This article is valid for Certificate Manager 8.4 and later.