Using the setuptrust command
You can use the setuptrust command to contact the broker to be trusted, obtain its certificate or details over the wire, and add it to the trust repository if the furnished details are trustworthy. The security administrator can configure one of the following levels of security for distributing root certificates:
High security (2): If a previously untrusted root is acquired from the peer (that is, if no certificate with the same signature exists in our trust store), the user is prompted to verify the hash.
Medium security (1): The first authentication broker is trusted without prompting. Any attempt to trust a subsequent authentication broker causes the user to be prompted for a hash verification before the certificate is added to the trusted store.
Low security (0): The authentication broker certificate is always trusted without any prompting.
The vssat CLI is located in the authentication service 'bin' directory.
The setuptrust command uses the following syntax:
vssat setuptrust --broker <host[:port]> --securitylevel high [-F]
The setuptrust command uses the following arguments:
The --broker argument comes first and gives the host and port of the broker to be trusted. The registered port for Authentication is 2821. If the broker has been configured with another port number, consult your security administrator for information.
Use the -F (--enable_fips) option to run the vssat command in FIPS mode. By default, FIPS mode is disabled.
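The following sketch is an added illustration, not vssat code: it models the prompting rules of the three security levels described above and shows which root certificates end up in the trust store without a hash check. The function names, the string "signatures" and the sample data are hypothetical, and the medium-level behaviour for an already-trusted root is an assumption.

```python
# Added illustration of the security levels described above; not part of vssat.
HIGH, MEDIUM, LOW = 2, 1, 0


def needs_hash_prompt(level, trust_store, root_sig):
    """Return True if the user must verify the root's hash before it is stored."""
    if level not in (HIGH, MEDIUM, LOW):
        raise ValueError("unknown security level: %r" % (level,))
    if level == LOW:
        return False                    # always trusted, never prompted
    if root_sig in trust_store:
        # High: only a previously untrusted root triggers the prompt.
        # Medium: assumed here to behave the same way for a known root.
        return False
    if level == MEDIUM:
        return len(trust_store) > 0     # the first broker is accepted silently
    return True                         # HIGH: every new root is verified


def run_setuptrust_sequence(level, root_sigs, user_accepts):
    """Simulate successive setuptrust calls against an initially empty store.

    user_accepts(sig) stands in for the operator comparing the displayed hash
    with one obtained out of band. Returns (trust_store, unverified), where
    unverified lists the roots that were stored without any hash check.
    """
    trust_store, unverified = set(), []
    for sig in root_sigs:
        if sig in trust_store:
            continue                    # already trusted, nothing to add
        if needs_hash_prompt(level, trust_store, sig):
            if user_accepts(sig):
                trust_store.add(sig)
        else:
            trust_store.add(sig)
            unverified.append(sig)
    return trust_store, unverified


# Constructed sample: "root-X" is a root the operator cannot confirm,
# "root-A" is the one whose hash matches the out-of-band value.
SAMPLE_ROOTS = ["root-X", "root-A"]


def operator(sig):
    return sig == "root-A"


if __name__ == "__main__":
    for name, level in (("high", HIGH), ("medium", MEDIUM), ("low", LOW)):
        store, unverified = run_setuptrust_sequence(level, SAMPLE_ROOTS, operator)
        print(name, sorted(store), "unverified:", unverified)
```

With the constructed sample, only the high level keeps the unconfirmed root out of the store; medium accepts it because it arrives first, and low accepts both roots unchecked.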