Signing Manager Controller (SMCTL)
Signing Manager Controller (SMCTL) provides a Command Line Interface (CLI) that facilitates manual and automated private key management, certificate management, and signing with or without the need for human intervention.
SMCTL comes with a built-in help function and provides instructions on all commands and subcommands to assist users in the CTL tool.
SMCTL provides secure key generation, application hash signing, and associated certificate-related requirements when the signing request does not require the transportation of files and intellectual property.
Prerequisites
Commands
To view all SMCTL commands:
smctl --help
or
smctl -h
Subcommands
These subcommands specify the actions you can apply to commands when using SMCTL.
All SMCTL commands begin with:
smctl <subcommand>
ショートカット | サブコマンド | 説明 |
|---|---|---|
cert | 証明書を管理します。 | |
creds | OS の資格情報ストアの DigiCert® Software Trust Manager 資格情報を管理します。 | |
View and confirm the validity of the credentials and tools configured. For Windows and Linux, run: smctl healthcheck For macOS, run: ./smctl-mac-x64 healthcheck | ||
kp | 鍵ペアを管理します。 | |
manual | Signing Managerのコマンドラインインターフェイスの最新の man ページを生成します。デフォルトでは、現在のディレクトリの下の man-pages ディレクトリにマニュアルページファイルが作成されます。 | |
署名、検証、削除を行います。 | ||
ユーザーデータを取得します。 | ||
Windows OS特有のコマンド |
Flags
Flags are used to modify the behavior of a subcommand by specifying parameters. Apply these flags to the subcommands above when using SMCTL.
Shortcut | Flag | Description |
|---|---|---|
-v | --version | This flag displays the version of SMCTL. |
Not applicable | --dir string | This flag specifies the directory where the man pages will be written, with the default being man-pages/. Format: --dir="<value>" |
-h | --help | This flag displays help information for SMCTL. |
Not applicable | --description | This flag:
|
Not applicable | --desc-url | This flag:
|
What signing tools can SMCTL integrate with?
SMCTL integrates with and enables secure hash-based signing with the following signing tools while maintaining key protection, permission-based access and reporting all signing activities:
Download SMCTL
In the KeyLocker menu, go to Resources > Client tool repository.
Select the Client tools tab.
Select your operating system.
Click the download icon next to Signing Manager Controller (SMCTL).
Step 5: Verify that you are ready to sign
SMCTL will now show in the Installed section of DigiCert ONE Clients.
Find SMCTL in DigiCert ONE Clients.
Select Open.
Run the command:
smctl healthcheck
Review the following sample output:
--------- User credentials ------ Status: Connected Username: john.doe Accounts: Win The Customer, LLC Authentication: 2FA Environment: Prod Credentials: Host: https://clientauth.one.digicert.com API key: 012345fe67a1234f56a7d8c911_055xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd6 (Pulled from OS credential store) Client certificate file path: C:\Users\John.Doe\.digicert-ucpc\certs\1ec2dcd3-c4d5-481a-67a1-b891cc0c1234\20260122133923-480f4000-f123-4567-bd89-1cde2d834567.p12 Client certificate password: 1+cJxxxxxxmt (Pulled from OS credential store) Privileges: Can sign: Yes Can approve release window: Yes Can revoke certificate: Yes Permissions: Account Manager: VIEW_AM_USER VIEW_AM_ORGANIZATION MANAGE_AM_PERMISSION VIEW_AM_ROLE VIEW_AM_ACCOUNT VIEW_AM_AUDIT_LOG Keypairs: MANAGE_SM_KEYPAIR VIEW_SM_KEYPAIR Certificates: VIEW_SM_CERTIFICATE REVOKE_SM_CERTIFICATE Other permissions: MANAGE_SM_CC_API_KEY --------- Signing tools --------- Nuget: Mapped: No Jarsigner: Mapped: No Apksigner: Mapped: No Signtool 32 bit: Mapped: No Signtool: Mapped: Yes Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.33621.0\x64\signtool.exe Mage: Mapped: Noヒント
If the check is successful, the output shows Status: Connected.