diff --git a/docs/reference/commands/certutil.asciidoc b/docs/reference/commands/certutil.asciidoc index 83798f4fc8fda..6720aef470049 100644 --- a/docs/reference/commands/certutil.asciidoc +++ b/docs/reference/commands/certutil.asciidoc @@ -128,70 +128,71 @@ explains how to use the files. === Parameters `ca`:: Specifies to generate a new local certificate authority (CA). This -parameter cannot be used with the `csr` or `cert` parameters. +parameter cannot be used with the `csr`, `cert` or `http` parameters. `cert`:: Specifies to generate new X.509 certificates and keys. -This parameter cannot be used with the `csr` or `ca` parameters. +This parameter cannot be used with the `csr`, `ca` or `http` parameters. `csr`:: Specifies to generate certificate signing requests. This parameter -cannot be used with the `ca` or `cert` parameters. +cannot be used with the `ca`, `cert` or `http` parameters. `http`:: Generates a new certificate or certificate request for the {es} HTTP -interface. +interface. This parameter cannot be used with the `ca`, `cert` or `csr` parameters. `--ca `:: Specifies the path to an existing CA key pair -(in PKCS#12 format). This parameter cannot be used with the `ca` or `csr` parameters. +(in PKCS#12 format). This parameter is only applicable to the `cert` parameter. `--ca-cert `:: Specifies the path to an existing CA certificate (in PEM format). You must also specify the `--ca-key` parameter. The `--ca-cert` -parameter cannot be used with the `ca` or `csr` parameters. +parameter is only applicable to the `cert` parameter. `--ca-dn `:: Defines the _Distinguished Name_ (DN) that is used for the generated CA certificate. The default value is `CN=Elastic Certificate Tool Autogenerated CA`. This parameter cannot be used -with the `csr` parameter. +with the `csr` or `http` parameters. `--ca-key `:: Specifies the path to an existing CA private key (in PEM format). You must also specify the `--ca-cert` parameter. The `--ca-key` -parameter cannot be used with the `ca` or `csr` parameters. +parameter is only applicable to the `cert` parameter. `--ca-pass `:: Specifies the password for an existing CA private key -or the generated CA private key. This parameter cannot be used with the `ca` or -`csr` parameters. +or the generated CA private key. This parameter is only applicable to the `cert` parameter `--days `:: Specifies an integer value that represents the number of days the generated certificates are valid. The default value is `1095`. This parameter -cannot be used with the `csr` parameter. +cannot be used with the `csr` or `http` parameters. `--dns `:: Specifies a comma-separated list of DNS names. This -parameter cannot be used with the `ca` parameter. +parameter cannot be used with the `ca` or `http` parameters. `-E `:: Configures a setting. `-h, --help`:: Returns all of the command parameters. `--in `:: Specifies the file that is used to run in silent mode. The -input file must be a YAML file. This parameter cannot be used with the `ca` -parameter. +input file must be a YAML file. This parameter cannot be used with the `ca` or +`http` parameters. `--ip `:: Specifies a comma-separated list of IP addresses. This -parameter cannot be used with the `ca` parameter. +parameter cannot be used with the `ca` or `http` parameters. `--keysize `:: Defines the number of bits that are used in generated RSA keys. The default -value is `2048`. +value is `2048`. This parameter cannot be used with the `http` parameter. `--multiple`:: Specifies to generate files for multiple instances. This parameter cannot be -used with the `ca` parameter. +used with the `ca` or `http` parameters. `--name `:: Specifies the name of the generated certificate. This parameter cannot be used -with the `ca` parameter. +with the `ca` or `http` parameters. -`--out `:: Specifies a path for the output files. +`--out `:: Specifies a path for the output files. This parameter +cannot be used with the `http` parameter. `--pass `:: Specifies the password for the generated private keys. +This parameter cannot be used with the `http` parameters. + Keys stored in PKCS#12 format are always password protected, however, this password may be _blank_. If you want to specify a blank password @@ -206,7 +207,7 @@ wish to password-protect your PEM keys, then do not specify `--pem`:: Generates certificates and keys in PEM format instead of PKCS#12. This -parameter cannot be used with the `csr` parameter. +parameter cannot be used with the `csr` or `http` parameters. `--self-signed`:: Generates self-signed certificates. This parameter is only applicable to the `cert` parameter.