Skip to main content

Healthcheck commands

Use this command to check if your credentials and signing tools were configured correctly in SMCTL.

Command

To run a healthcheck on your credentials and signing tools, use the command:

smctl healthcheck

Flags

The healthcheck command supports these flags:

tabla 1. Flags for healthcheck

Shortcut

Flag

Description

--all

Verify user credentials and tools you can sign with.

--tools

Verify configured tools you can sign with.

--user

Verify your user credentials and view your permissions.

-h

--help

Help for describing a keypair.


Examples

Check user credentials and tools

To verify your user credentials and the signing tools that are configured for you to sign with, use the command:

smctl healthcheck

Command sample:

--------- User credentials ------
Status: Connected

Username: john.doe
Accounts: Example, Inc.
Authentication: 2FA
Environment: Unknown
Credentials:
        Host: https://clientauth.one.digicert.com
        API key: 01a007567da265b5909d11b8ea_b70xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb9 (Pulled from environment variable)
        Client certificate file path: C:\Users\John.Doe\Documents\STM\JohnD_Auth_Cert_2023.p12
        Client certificate password: JM7QxxxxxxqO (Pulled from environment variable)
API keys:
        Name: John API Token 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC)
Client certificates:
        Name: John Auth Cert (expires on Tue, 31 Jan 2023 23:59:59 UTC)
        Name: John Auth Cert 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC)
Privileges:
        Can sign: Yes
        Can approve release window: Yes
        Can revoke certificate: Yes

Permissions:
Account Manager:
        VIEW_AM_USER
        VIEW_AM_ORGANIZATION
        MANAGE_AM_PERMISSION
        VIEW_AM_ROLE
        VIEW_AM_ACCOUNT
        VIEW_AM_AUDIT_LOG

Keypairs:
        APPROVE_SM_KEYPAIR_DELETE
        GENERATE_SM_KEYPAIR
        MANAGE_SM_KEYPAIR
        REQUEST_SM_KEYPAIR_EXPORT
        EXPORT_SM_KEYPAIR
        APPROVE_SM_KEYPAIR_EXPORT
        IMPORT_SM_KEYPAIR
        SIGN_SM_HASH
        MANAGE_SM_MASTER_KEYPAIR
        VIEW_SM_KEYPAIR

Certificates:
        MANAGE_SM_CERTIFICATE_PROFILE
        GENERATE_SM_CERTIFICATE
        IMPORT_SM_CERTIFICATE
        VIEW_SM_CERTIFICATE
        VIEW_SM_CERTIFICATE_TEMPLATE
        VIEW_SM_CERTIFICATE_PROFILE
        REVOKE_SM_CERTIFICATE

Releases:
        APPROVE_SM_RELEASE_WINDOW
        REQUEST_SM_RELEASE_WINDOW
        VIEW_SM_RELEASE_WINDOW

Audit logs:
        VIEW_SM_AUDIT_LOG
        EXPORT_SM_LOGS

Other permissions:
        MANAGE_SM_CC_API_KEY
        VIEW_SM_LICENSE
        MANAGE_SM_HIERARCHY
        MANAGE_SM_ACCOUNT_SETTINGS

--------- Signing tools ---------
Nuget:
        Mapped: No
Jarsigner:
        Mapped: No
Apksigner:
        Mapped: No
Signtool 32 bit:
        Mapped: No
Signtool:
        Mapped: Yes
        Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.33621.0\x64\signtool.exe
Mage:
        Mapped: No

Check user credentials

To verify your user credentials and permissions, use the command:

smctl healthcheck --user

Command output sample:

--------- User credentials ------
Status: Connected

Username: john.doe
Accounts: Example, Inc.
Authentication: 2FA
Environment: Unknown
Credentials:
        Host: https://clientauth.one.digicert.com
        API key: 01a007567da265b5909d11b8ea_b70xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb9 (Pulled from environment variable)
        Client certificate file path: C:\Users\John.Doe\Documents\STM\JohnD_Auth_Cert_2023.p12
        Client certificate password: JM7QxxxxxxqO (Pulled from environment variable)
API keys:
        Name: John API Token 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC)
Client certificates:
        Name: John Auth Cert (expires on Tue, 31 Jan 2023 23:59:59 UTC)
        Name: John Auth Cert 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC)
Privileges:
        Can sign: Yes
        Can approve release window: Yes
        Can revoke certificate: Yes

Permissions:
Account Manager:
        VIEW_AM_USER
        VIEW_AM_ORGANIZATION
        MANAGE_AM_PERMISSION
        VIEW_AM_ROLE
        VIEW_AM_ACCOUNT
        VIEW_AM_AUDIT_LOG

Keypairs:
        APPROVE_SM_KEYPAIR_DELETE
        GENERATE_SM_KEYPAIR
        MANAGE_SM_KEYPAIR
        REQUEST_SM_KEYPAIR_EXPORT
        EXPORT_SM_KEYPAIR
        APPROVE_SM_KEYPAIR_EXPORT
        IMPORT_SM_KEYPAIR
        SIGN_SM_HASH
        MANAGE_SM_MASTER_KEYPAIR
        VIEW_SM_KEYPAIR

Certificates:
        MANAGE_SM_CERTIFICATE_PROFILE
        GENERATE_SM_CERTIFICATE
        IMPORT_SM_CERTIFICATE
        VIEW_SM_CERTIFICATE
        VIEW_SM_CERTIFICATE_TEMPLATE
        VIEW_SM_CERTIFICATE_PROFILE
        REVOKE_SM_CERTIFICATE

Releases:
        APPROVE_SM_RELEASE_WINDOW
        REQUEST_SM_RELEASE_WINDOW
        VIEW_SM_RELEASE_WINDOW

Audit logs:
        VIEW_SM_AUDIT_LOG
        EXPORT_SM_LOGS

Other permissions:
        MANAGE_SM_CC_API_KEY
        VIEW_SM_LICENSE
        MANAGE_SM_HIERARCHY
        MANAGE_SM_ACCOUNT_SETTINGS

Check integrated third-party tools

To verify the signing tools that are configured for you to sign with, use the command:

smctl healthcheck --tools

Command output sample:

--------- Signing tools ---------
Nuget:
        Mapped: Yes
        Path: C:\Program Files (x86)\NuGet.exe
Jarsigner:
        Mapped: Yes
        Path: C:\Program Files\Java\jdk-17\bin\jarsigner.exe
Apksigner:
        Mapped: No
Signtool 32 bit:
        Mapped: Yes
        Path: C:\Program Files (x86)\Windows Kits\signtool_32.exe
Signtool:
        Mapped: Yes
        Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe
Mage:
        Mapped: Yes
        Path: C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\mage.exe
En esta sección: