This repository has been archived by the owner on Jan 24, 2020. It is now read-only.
forked from smallstep/cli
-
Notifications
You must be signed in to change notification settings - Fork 1
/
certificate.go
99 lines (82 loc) · 2.46 KB
/
certificate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
package certificate
import (
"github.com/smallstep/cli/command"
"github.com/urfave/cli"
)
// Command returns the cli.Command for jwt and related subcommands.
func init() {
cmd := cli.Command{
Name: "certificate",
Usage: "create, revoke, validate, bundle, and otherwise manage certificates",
UsageText: "step certificate SUBCOMMAND [ARGUMENTS] [GLOBAL_FLAGS] [SUBCOMMAND_FLAGS]",
Description: `**step certificate** command group provides facilities for creating
certificate signing requests (CSRs), creating self-signed certificates
(e.g., for use as a root certificate authority), generating leaf or
intermediate CA certificate by signing a CSR, validating certificates,
renewing certificates, generating certificate bundles, and key-wrapping
of private keys.
## EXAMPLES
Create a root certificate and private key using the default parameters (EC P-256 curve):
'''
$ step certificate create foo foo.crt foo.key --profile root-ca
'''
Create a leaf certificate and private key using the default parameters (EC P-256 curve):
'''
$ step certificate create baz baz.crt baz.key --ca ./foo.crt --ca-key ./foo.key
'''
Create a CSR and private key using the default parameters (EC P-256 curve):
'''
$ step certificate create zap zap.csr zap.key --csr
'''
Sign a CSR and generate a signed certificate:
'''
$ step certificate sign zap.csr foo.crt foo.key
'''
Inspect the contents of a certificate:
'''
$ step certificate inspect ./baz.crt
'''
Verify the signature of a certificate:
'''
$ step certificate verify ./baz.crt --roots ./foo.crt
'''
Lint the contents of a certificate to check for common errors and missing fields:
'''
$ step certificate lint ./baz.crt
'''
Bundle an end certificate with the issuing certificate:
'''
$ step certificate bundle ./baz.crt ./foo.crt bundle.crt
'''
Convert PEM format certificate to DER and write to disk.
'''
$ step certificate format foo.pem --out foo.der
'''
Extract the public key from a PEM encoded certificate:
'''
$ step certificate key foo.crt
'''
Install a root certificate in the system truststore:
'''
$ step certificate install root-ca.crt
'''
Uninstall a root certificate from the system truststore:
'''
$ step certificate uninstall root-ca.crt
'''`,
Subcommands: cli.Commands{
bundleCommand(),
createCommand(),
formatCommand(),
inspectCommand(),
fingerprintCommand(),
lintCommand(),
signCommand(),
verifyCommand(),
keyCommand(),
installCommand(),
uninstallCommand(),
},
}
command.Register(cmd)
}