Info: Using Schematool

Summary:

Schematool is a utility that allows you to import an XML file to update or add to the schema, or to export all or part of the current configuration to an XML file. This utility captures only Config information; Secret Store data is not captured.

More Information:

NOTE: If you are having issues, remember:

  • Schematool must be run from your Platform directory at an administrator command prompt.
  • The account must also have the "Log on as a service" right.

Default Location: c:\Program Files\venafi\Platform

For Schematool version:

SchemaTool <userdn> [<password>] version

To export your Schema:

SchemaTool <userdn> [<password>] export=<xml schema file> 

To export your full Schema:

SchemaTool <userdn> [<password>] export=<xml schema file> recursive

For an import of an XML file:

SchemaTool <userdn> [<password>] <xml schema file>

Example: To export specific areas of your Policy tree, Policy values, and Class Filters:

SchemaTool <userdn> [<password>] export=<xml schema file> [start=<objectDN>] [recursive] [class=<class name>]

Example: To export all newly discovered data:

SchemaTool.exe username password export=discovery.xml start=\VED\Discovery recursive

Example: To export all event definitions:

SchemaTool.exe username password export=eventdefinitions.xml class="Log Application" recursive


Example: To create a policy object and create two certificate objects within the new policy:

Use the command:

SchemaTool.exe admin Passw0rd c:\temp\Certificate-Import.xml

Example XML file (c:\temp\Certificate-Import.xml):

Note: Although the example sets the Country, State, City, Organization, Organizational Unit, and X509 Subject attributes on both certificate objects, it is most common to set ONLY the certificate object name and common name. All other certificate attributes can be set through Policy on the certificate object, which makes them easier to change en masse in the future.

<?xml version="1.0" encoding="utf-8"?>
<ConfigSchema Type="Import Certificates">
<CreateObject Class="Policy" Parent="\VED\Policy" Name="Auto-Create"></CreateObject>

<CreateObject Name="support.venafi.com" Parent="\VED\Policy\Auto-Create" Class="X509 Certificate">
<Attribute Name="Driver Name">appx509certificate</Attribute>
<Attribute Name="Country">US</Attribute>
<Attribute Name="State">UT</Attribute>
<Attribute Name="City">Salt Lake City</Attribute>
<Attribute Name="Organization">Venafi, Inc.</Attribute>
<Attribute Name="Organizational Unit">Venafi Information Technology</Attribute>
<Attribute Name="X509 Subject">support.venafi.com</Attribute>
</CreateObject>

<CreateObject Name="training.venafi.com" Parent="\VED\Policy\Auto-Create" Class="X509 Certificate">
<Attribute Name="Driver Name">appx509certificate</Attribute>
<Attribute Name="Country">US</Attribute>
<Attribute Name="State">UT</Attribute>
<Attribute Name="City">Salt Lake City</Attribute>
<Attribute Name="Organization">Venafi, Inc.</Attribute>
<Attribute Name="Organizational Unit">Venafi Information Technology</Attribute>
<Attribute Name="X509 Subject">training.venafi.com</Attribute>
</CreateObject>

</ConfigSchema>
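
An import file like the one above can be reviewed before it is handed to SchemaTool. The script below is an added example, not Venafi code and not part of SchemaTool: it lists the objects a file would create and flags parents that fall outside an approved subtree or are never created. The names review_import, allowed_root and existing are hypothetical, and the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the article's import format. The last object's
# Parent has a typo ("Auto-Created"), so no such policy is ever created.
SAMPLE = rb"""<ConfigSchema Type="Import Certificates">
<CreateObject Class="Policy" Parent="\VED\Policy" Name="Auto-Create"></CreateObject>
<CreateObject Name="support.venafi.com" Parent="\VED\Policy\Auto-Create" Class="X509 Certificate">
<Attribute Name="X509 Subject">support.venafi.com</Attribute>
</CreateObject>
<CreateObject Name="stray.example.com" Parent="\VED\Policy\Auto-Created" Class="X509 Certificate">
<Attribute Name="X509 Subject">stray.example.com</Attribute>
</CreateObject>
</ConfigSchema>"""


def review_import(xml_bytes, allowed_root, existing=()):
    """Return (planned, findings) for an import file, without touching the platform.

    allowed_root: DN that every new object must sit under.
    existing: DNs the reviewer knows are already in the tree.
    DNs are compared case-insensitively (assumption about the platform).
    """
    scope = allowed_root.rstrip("\\").lower()
    known = {dn.rstrip("\\").lower() for dn in existing} | {scope}
    planned, findings = [], []
    for elem in ET.fromstring(xml_bytes):
        if elem.tag != "CreateObject":
            findings.append((f"<{elem.tag}>", "element type not reviewed"))
            continue
        parent = elem.get("Parent", "").rstrip("\\")
        dn = parent + "\\" + elem.get("Name", "")
        attrs = {a.get("Name"): a.text or "" for a in elem.findall("Attribute")}
        planned.append((dn, elem.get("Class", "?"), attrs))
        p = parent.lower()
        if p != scope and not p.startswith(scope + "\\"):
            findings.append((dn, "parent outside allowed root"))
        if p not in known:
            findings.append((dn, "parent not created in this file or listed as existing"))
        if dn.lower() in known:
            findings.append((dn, "duplicate object"))
        known.add(dn.lower())
    return planned, findings


if __name__ == "__main__":
    planned, findings = review_import(SAMPLE, r"\VED\Policy")
    for dn, cls, attrs in planned:
        print(f"CREATE  {cls:<17} {dn}  {attrs}")
    for where, problem in findings:
        print(f"FINDING {where}: {problem}")
```

An empty findings list means every object lands under the approved root and every parent is accounted for; it says nothing about whether the attribute values themselves are correct.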

 

 
