Skip to content

[Doc] Improve doc for certutil parameter applicability #91124

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Oct 26, 2022
Merged

[Doc] Improve doc for certutil parameter applicability #91124

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 21 additions & 20 deletions docs/reference/commands/certutil.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -128,70 +128,71 @@ explains how to use the files.
=== Parameters

`ca`:: Specifies to generate a new local certificate authority (CA). This
parameter cannot be used with the `csr` or `cert` parameters.
parameter cannot be used with the `csr`, `cert` or `http` parameters.

`cert`:: Specifies to generate new X.509 certificates and keys.
This parameter cannot be used with the `csr` or `ca` parameters.
This parameter cannot be used with the `csr`, `ca` or `http` parameters.

`csr`:: Specifies to generate certificate signing requests. This parameter
cannot be used with the `ca` or `cert` parameters.
cannot be used with the `ca`, `cert` or `http` parameters.

`http`:: Generates a new certificate or certificate request for the {es} HTTP
interface.
interface. This parameter cannot be used with the `ca`, `cert` or `csr` parameters.

`--ca <file_path>`:: Specifies the path to an existing CA key pair
(in PKCS#12 format). This parameter cannot be used with the `ca` or `csr` parameters.
(in PKCS#12 format). This parameter is only applicable to the `cert` parameter.

`--ca-cert <file_path>`:: Specifies the path to an existing CA certificate (in
PEM format). You must also specify the `--ca-key` parameter. The `--ca-cert`
parameter cannot be used with the `ca` or `csr` parameters.
parameter is only applicable to the `cert` parameter.

`--ca-dn <name>`:: Defines the _Distinguished Name_ (DN) that is used for the
generated CA certificate. The default value is
`CN=Elastic Certificate Tool Autogenerated CA`. This parameter cannot be used
with the `csr` parameter.
with the `csr` or `http` parameters.

`--ca-key <file_path>`:: Specifies the path to an existing CA private key (in
PEM format). You must also specify the `--ca-cert` parameter. The `--ca-key`
parameter cannot be used with the `ca` or `csr` parameters.
parameter is only applicable to the `cert` parameter.

`--ca-pass <password>`:: Specifies the password for an existing CA private key
or the generated CA private key. This parameter cannot be used with the `ca` or
`csr` parameters.
or the generated CA private key. This parameter is only applicable to the `cert` parameter

`--days <n>`:: Specifies an integer value that represents the number of days the
generated certificates are valid. The default value is `1095`. This parameter
cannot be used with the `csr` parameter.
cannot be used with the `csr` or `http` parameters.

`--dns <domain_name>`:: Specifies a comma-separated list of DNS names. This
parameter cannot be used with the `ca` parameter.
parameter cannot be used with the `ca` or `http` parameters.

`-E <KeyValuePair>`:: Configures a setting.

`-h, --help`:: Returns all of the command parameters.

`--in <input_file>`:: Specifies the file that is used to run in silent mode. The
input file must be a YAML file. This parameter cannot be used with the `ca`
parameter.
input file must be a YAML file. This parameter cannot be used with the `ca` or
`http` parameters.

`--ip <IP_addresses>`:: Specifies a comma-separated list of IP addresses. This
parameter cannot be used with the `ca` parameter.
parameter cannot be used with the `ca` or `http` parameters.

`--keysize <bits>`::
Defines the number of bits that are used in generated RSA keys. The default
value is `2048`.
value is `2048`. This parameter cannot be used with the `http` parameter.

`--multiple`::
Specifies to generate files for multiple instances. This parameter cannot be
used with the `ca` parameter.
used with the `ca` or `http` parameters.

`--name <file_name>`::
Specifies the name of the generated certificate. This parameter cannot be used
with the `ca` parameter.
with the `ca` or `http` parameters.

`--out <file_path>`:: Specifies a path for the output files.
`--out <file_path>`:: Specifies a path for the output files. This parameter
cannot be used with the `http` parameter.

`--pass <password>`:: Specifies the password for the generated private keys.
This parameter cannot be used with the `http` parameters.
+
Keys stored in PKCS#12 format are always password protected, however,
this password may be _blank_. If you want to specify a blank password
Expand All @@ -206,7 +207,7 @@ wish to password-protect your PEM keys, then do not specify


`--pem`:: Generates certificates and keys in PEM format instead of PKCS#12. This
parameter cannot be used with the `csr` parameter.
parameter cannot be used with the `csr` or `http` parameters.

`--self-signed`:: Generates self-signed certificates. This parameter is only
applicable to the `cert` parameter.
Expand Down