Overview

Cloudctl is a command line tool to manage Container Application Software for Enterprises (CASE)

Download

1. Download the tar archive for your OS from the assets in releases
2. Download the corresponding .sig file for verification purposes

Check Certificate/Key Validity

Clone this repository to get the following PEM files for verification purposes:

• cloudctl.pub
• cloudctl-chain0.pub
• cloudctl-chain1.pub

Verify that the certificate/key is owned by IBM:

openssl x509 -inform pub -in cloudctl.pub -noout -text

Verify authenticity of certificate/key:

cat cloudctl-chain0.pub > chain.pub
cat cloudctl-chain1.pub >> chain.pub

openssl ocsp -no_nonce -issuer chain.pub -cert cloudctl.pub -VAfile chain.pub -text -url http://ocsp.digicert.com -respout ocsptest

Should see a message that contains

Response verify OK

Optionallay Validate Each Certificate Individually

Verify that the certificate is still active:

openssl ocsp -no_nonce -issuer cloudctl-chain0.pub -cert cloudctl.pub -VAfile cloudctl-chain0.pub -text -url http://ocsp.digicert.com -respout ocsptest

Should see a message that contains

Response verify OK

Verify that the intermediate certificate is still active:

openssl ocsp -no_nonce -issuer cloudctl-chain1.pub -cert cloudctl-chain0.pub -VAfile cloudctl-chain1.pub -text -url http://ocsp.digicert.com -respout ocsptest

Should see a message that contains

Response verify OK

Verify Archive

After completing verification of the certificate, extract public key:

openssl x509 -pubkey -noout -in cloudctl.pub > public.key

The public key is used to verify the tar archive:

openssl dgst -sha256 -verify public.key -signature <cloudctl_signature_file> <tar.gz_file>

e.g.

openssl dgst -sha256 -verify public.key -signature cloudctl-darwin-amd64.sig cloudctl-darwin-amd64.tar.gz

Should see a message that contains

Verified OK

Install

Extract the archive

- `tar -xzf <archive-name>`

There should be a binary executable after extraction