File: certificate.go

package info (click to toggle)
golang-github-smallstep-cli 0.15.16%2Bds-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 4,404 kB
  • sloc: sh: 512; makefile: 99
file content (100 lines) | stat: -rw-r--r-- 2,532 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
 
package certificate

import (
	"github.com/smallstep/cli/command"
	"github.com/urfave/cli"
)

// Command returns the cli.Command for jwt and related subcommands.
func init() {
	cmd := cli.Command{
		Name:      "certificate",
		Usage:     "create, revoke, validate, bundle, and otherwise manage certificates",
		UsageText: "step certificate SUBCOMMAND [ARGUMENTS] [GLOBAL_FLAGS] [SUBCOMMAND_FLAGS]",
		Description: `**step certificate** command group provides facilities for creating
certificate signing requests (CSRs), creating self-signed certificates
(e.g., for use as a root certificate authority), generating leaf or
intermediate CA certificate by signing a CSR, validating certificates,
renewing certificates, generating certificate bundles, and key-wrapping
of private keys.

## EXAMPLES

Create a root certificate and private key using the default parameters (EC P-256 curve):
'''
$ step certificate create foo foo.crt foo.key --profile root-ca
'''

Create a leaf certificate and private key using the default parameters (EC P-256 curve):
'''
$ step certificate create baz baz.crt baz.key --ca ./foo.crt --ca-key ./foo.key
'''

Create a CSR and private key using the default parameters (EC P-256 curve):
'''
$ step certificate create zap zap.csr zap.key --csr
'''

Sign a CSR and generate a signed certificate:
'''
$ step certificate sign zap.csr foo.crt foo.key
'''

Inspect the contents of a certificate:
'''
$ step certificate inspect ./baz.crt
'''

Verify the signature of a certificate:
'''
$ step certificate verify ./baz.crt --roots ./foo.crt
'''

Lint the contents of a certificate to check for common errors and missing fields:
'''
$ step certificate lint ./baz.crt
'''

Bundle an end certificate with the issuing certificate:
'''
$ step certificate bundle ./baz.crt ./foo.crt bundle.crt
'''

Convert PEM format certificate to DER and write to disk.
'''
$ step certificate format foo.pem --out foo.der
'''

Extract the public key from a PEM encoded certificate:
'''
$ step certificate key foo.crt
'''

Install a root certificate in the system truststore:
'''
$ step certificate install root-ca.crt
'''

Uninstall a root certificate from the system truststore:
'''
$ step certificate uninstall root-ca.crt
'''`,

		Subcommands: cli.Commands{
			bundleCommand(),
			createCommand(),
			formatCommand(),
			inspectCommand(),
			fingerprintCommand(),
			lintCommand(),
			signCommand(),
			verifyCommand(),
			keyCommand(),
			installCommand(),
			uninstallCommand(),
			p12Command(),
		},
	}

	command.Register(cmd)
}