Healthcheck commands
Use this command to check if your credentials and signing tools were configured correctly in SMCTL.
Command
To run a healthcheck on your credentials and signing tools, use the command:
smctl healthcheck
Flags
The healthcheck command supports these flags:
Shortcut | Flag | Description |
---|---|---|
--all | Verify user credentials and tools you can sign with. | |
--tools | Verify configured tools you can sign with. | |
--user | Verify your user credentials and view your permissions. | |
-h | --help | Help for describing a keypair. |
Examples
Check user credentials and tools
To verify your user credentials and the signing tools that are configured for you to sign with, use the command:
smctl healthcheck
Command sample:
--------- User credentials ------ Status: Connected Username: john.doe Accounts: Example, Inc. Authentication: 2FA Environment: Unknown Credentials: Host: https://clientauth.one.digicert.com API key: 01a007567da265b5909d11b8ea_b70xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb9 (Pulled from environment variable) Client certificate file path: C:\Users\John.Doe\Documents\STM\JohnD_Auth_Cert_2023.p12 Client certificate password: JM7QxxxxxxqO (Pulled from environment variable) API keys: Name: John API Token 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC) Client certificates: Name: John Auth Cert (expires on Tue, 31 Jan 2023 23:59:59 UTC) Name: John Auth Cert 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC) Privileges: Can sign: Yes Can approve release window: Yes Can revoke certificate: Yes Permissions: Account Manager: VIEW_AM_USER VIEW_AM_ORGANIZATION MANAGE_AM_PERMISSION VIEW_AM_ROLE VIEW_AM_ACCOUNT VIEW_AM_AUDIT_LOG Keypairs: APPROVE_SM_KEYPAIR_DELETE GENERATE_SM_KEYPAIR MANAGE_SM_KEYPAIR REQUEST_SM_KEYPAIR_EXPORT EXPORT_SM_KEYPAIR APPROVE_SM_KEYPAIR_EXPORT IMPORT_SM_KEYPAIR SIGN_SM_HASH MANAGE_SM_MASTER_KEYPAIR VIEW_SM_KEYPAIR Certificates: MANAGE_SM_CERTIFICATE_PROFILE GENERATE_SM_CERTIFICATE IMPORT_SM_CERTIFICATE VIEW_SM_CERTIFICATE VIEW_SM_CERTIFICATE_TEMPLATE VIEW_SM_CERTIFICATE_PROFILE REVOKE_SM_CERTIFICATE Releases: APPROVE_SM_RELEASE_WINDOW REQUEST_SM_RELEASE_WINDOW VIEW_SM_RELEASE_WINDOW Audit logs: VIEW_SM_AUDIT_LOG EXPORT_SM_LOGS Other permissions: MANAGE_SM_CC_API_KEY VIEW_SM_LICENSE MANAGE_SM_HIERARCHY MANAGE_SM_ACCOUNT_SETTINGS --------- Signing tools --------- Nuget: Mapped: No Jarsigner: Mapped: No Apksigner: Mapped: No Signtool 32 bit: Mapped: No Signtool: Mapped: Yes Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.33621.0\x64\signtool.exe Mage: Mapped: No
Check user credentials
To verify your user credentials and permissions, use the command:
smctl healthcheck --user
Command output sample:
--------- User credentials ------ Status: Connected Username: john.doe Accounts: Example, Inc. Authentication: 2FA Environment: Unknown Credentials: Host: https://clientauth.one.digicert.com API key: 01a007567da265b5909d11b8ea_b70xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb9 (Pulled from environment variable) Client certificate file path: C:\Users\John.Doe\Documents\STM\JohnD_Auth_Cert_2023.p12 Client certificate password: JM7QxxxxxxqO (Pulled from environment variable) API keys: Name: John API Token 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC) Client certificates: Name: John Auth Cert (expires on Tue, 31 Jan 2023 23:59:59 UTC) Name: John Auth Cert 2023 (expires on Fri, 31 Jan 2025 23:59:59 UTC) Privileges: Can sign: Yes Can approve release window: Yes Can revoke certificate: Yes Permissions: Account Manager: VIEW_AM_USER VIEW_AM_ORGANIZATION MANAGE_AM_PERMISSION VIEW_AM_ROLE VIEW_AM_ACCOUNT VIEW_AM_AUDIT_LOG Keypairs: APPROVE_SM_KEYPAIR_DELETE GENERATE_SM_KEYPAIR MANAGE_SM_KEYPAIR REQUEST_SM_KEYPAIR_EXPORT EXPORT_SM_KEYPAIR APPROVE_SM_KEYPAIR_EXPORT IMPORT_SM_KEYPAIR SIGN_SM_HASH MANAGE_SM_MASTER_KEYPAIR VIEW_SM_KEYPAIR Certificates: MANAGE_SM_CERTIFICATE_PROFILE GENERATE_SM_CERTIFICATE IMPORT_SM_CERTIFICATE VIEW_SM_CERTIFICATE VIEW_SM_CERTIFICATE_TEMPLATE VIEW_SM_CERTIFICATE_PROFILE REVOKE_SM_CERTIFICATE Releases: APPROVE_SM_RELEASE_WINDOW REQUEST_SM_RELEASE_WINDOW VIEW_SM_RELEASE_WINDOW Audit logs: VIEW_SM_AUDIT_LOG EXPORT_SM_LOGS Other permissions: MANAGE_SM_CC_API_KEY VIEW_SM_LICENSE MANAGE_SM_HIERARCHY MANAGE_SM_ACCOUNT_SETTINGS
Check integrated third-party tools
To verify the signing tools that are configured for you to sign with, use the command:
smctl healthcheck --tools
Command output sample:
--------- Signing tools --------- Nuget: Mapped: Yes Path: C:\Program Files (x86)\NuGet.exe Jarsigner: Mapped: Yes Path: C:\Program Files\Java\jdk-17\bin\jarsigner.exe Apksigner: Mapped: No Signtool 32 bit: Mapped: Yes Path: C:\Program Files (x86)\Windows Kits\signtool_32.exe Signtool: Mapped: Yes Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.22621.0\x64\signtool.exe Mage: Mapped: Yes Path: C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\mage.exe