autonomy cert issue

Issue a new TLS leaf certificate for an edge node identity

Synopsis

Issue a new ECDSA P-256 leaf certificate signed by the local CA.

The generated certificate and private key are written atomically to --cert-file and --key-file using a crash-safe rename sequence.

On crash during write, use 'autonomy cert list --cert-file ' to check keypair consistency before restarting the daemon.
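
The keypair consistency check mentioned above can also be done independently of the CLI. The following is an added example, not code from the autonomy project: it uses only the Go standard library to compare a leaf certificate's public key with a private key. The function names, the SEC1 "EC PRIVATE KEY" PEM encoding, and the self-signed sample pair are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// KeypairConsistent reports whether certPEM's public key belongs to keyPEM.
// Assumption: the key is a SEC1 "EC PRIVATE KEY" PEM block (hypothetical helper).
func KeypairConsistent(certPEM, keyPEM []byte) (bool, error) {
	cb, _ := pem.Decode(certPEM)
	kb, _ := pem.Decode(keyPEM)
	if cb == nil || kb == nil {
		return false, fmt.Errorf("missing or truncated PEM block")
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	if err != nil {
		return false, err
	}
	key, err := x509.ParseECPrivateKey(kb.Bytes)
	if err != nil {
		return false, err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && pub.Equal(&key.PublicKey), nil
}

// samplePair builds a constructed, self-signed P-256 pair used only as demo input.
func samplePair(cn string) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: []string{cn}, NotBefore: time.Now(), NotAfter: time.Now().AddDate(0, 0, 90)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	kder, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kder})
}

func main() {
	oldCert, _ := samplePair("node-alpha.edge.io")
	_, newKey := samplePair("node-alpha.edge.io") // files from two different issuances
	fmt.Println(KeypairConsistent(oldCert, newKey))
}
```

A parse error means a file is truncated or not PEM, which is distinct from a clean mismatch between two intact files.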

Required RBAC permission: cert:manage. Set AUTONOMY_RBAC_ENFORCEMENT=0 to disable enforcement (not recommended in production).

Usage

autonomy cert issue [flags]

Examples

  # Issue a leaf cert for node alpha (90-day validity)
  autonomy cert issue \
    --identity    node-alpha.edge.io \
    --cert-file   /etc/edge/certs/node.crt \
    --key-file    /etc/edge/certs/node.key \
    --ca-cert     /etc/edge/certs/ca.crt \
    --ca-key      /etc/edge/certs/ca.key

  # Issue with custom validity
  autonomy cert issue \
    --identity    node-alpha.edge.io \
    --cert-file   /etc/edge/certs/node.crt \
    --key-file    /etc/edge/certs/node.key \
    --ca-cert     /etc/edge/certs/ca.crt \
    --ca-key      /etc/edge/certs/ca.key \
    --validity-days 365

Options

      --ca-cert string      path to CA certificate PEM (required)
      --ca-key string       path to CA private key PEM (required)
      --cert-file string    path to write the new leaf certificate PEM (required)
      --identity string     node identity used as Subject CN and DNS SAN (required)
      --key-file string     path to write the new leaf private key PEM (required)
      --validity-days int   certificate validity period in days (default 90)

See also

  • autonomy cert — Manage TLS leaf certificates for edge node identity