autonomy cert

Manage TLS leaf certificates for edge node identity

Synopsis

Manage TLS leaf certificates for edge node mTLS identity.

Certificates are issued and rotated using the local CA private key. Only leaf certificates are managed; CA certificates are offline roots.

Lifecycle events (slog): edge.cert.rotation_started edge.cert.rotation_succeeded edge.cert.rotation_failed

Audit trail: certificate issue and rotate also emit unified audit records.

Subcommands

• autonomy cert check-revocation — Check whether a certificate serial is present in the CRL

• autonomy cert issue — Issue a new TLS leaf certificate for an edge node identity

• autonomy cert list — List and inspect TLS certificate files

• autonomy cert revoke — Revoke a certificate and update the local CRL

• autonomy cert rotate — Rotate an existing TLS leaf certificate in-place

• autonomy cert sync-crl — Fetch the canonical CRL from one or more control-plane endpoints