Certificates commands
This section covers commands that you use in SMCTL to manage certificates.
Commands
To view all actions to manage certificates, run:
smctl certificate --help
or
smctl cert -h
Subcommands
Certificate commands begin with:
smctl cert <subcommand>
Certificate commands support these flags:
Shortcut | Subcommand | Description |
---|---|---|
desc | describe | Describe a certificate's details. |
download or save | Download a certificate for the provided certificate id, keypair ID or keypair alias. The downloaded file will not have the private key. If a file exists with the same name in the output directory, this process will overwrite it. | |
import | Import a certificate for a keypair. | |
ls | list | List certificates. |
profile | Manage certificate profiles. |
Describe certificate
To describe the certificate details for the specified certificate ID:
smctl cert describe <flag>
or
smctl cert desc <flag>
Shortcut | Flag | Description |
---|---|---|
--cert-hash-alg string | The certificate hash algorithm types are SHA1, SHA256, SHA384 or SHA512. The default algorithm type is SHA1. Format: --cert-hash-alg="<value>" | |
--cert-hash-encoding string | The certificate hash encoding types are HEX or BASE64. The default encoding type is HEX. Format: --cert-hash-encoding="<value>" | |
--account-id string | Account ID for the user. Format: --account-id="<value>" | |
-h | --help | Help for describe certificate. |
Examples
Description: Describe the certificate with the provided certificate ID.
Command:
smctl certificate describe <certificate-id>
Command sample:
smctl certificate desc 7747527b-6cc0-4ccf-8099-a6df1bf90bc14
Description: Describe the certificate with the provided certificate ID and hash and display the fingerprint with SHA-256.
Command:
smctl certificate describe <certificate-id> --cert-hash-alg="<algorithm>"
Command sample:
smctl certificate desc 7747527b-6cc0-4ccf-8099-a6df1bf90bc14 --cert-hash-alg=“SHA256”
Download certificate
Use one of the following commands to list all available actions to download a certificate:
smctl cert download <flag>
or
smctl cert save <flag>
Shortcut | Flag | Description |
---|---|---|
-c | --chain | Download the complete certificate chain. |
-f | --format string | Allowed formats include Format: --format="<value>" |
--keypair-alias string | Download the default certificate for a keypair alias. Format: --keypair-alias="<value>" | |
--keypair-id string | Download the default certificate for a keypair ID. Format: --keypair-id="<value>" | |
-n | --name string | Name of the certificate file. The default name is the certificate alias. Format: --name="<value>" |
-o | --out string | Output path where the certificate is to be downloaded. Format: --out="<value>" |
-p | --password string | Password to be used in case of p12 or pfx format. The default is “changeit”. Format: --password="<value>" |
--account-id string | Account ID for the user. Format: --account-id="<value>" | |
--issuer-first | By default, the end entity certificate is placed first when downloading complete chain. Setting this option to put the Root CA first. | |
-h | --help | Help for download. |
Examples
Description: Download a certificate for the provided certificate ID to the specified output folder.
Command:
smctl certificate download <certificate-id> --out <path where certificate should be stored>
Command sample:
smctl certificate download 23454-234542-23454-23454 –-out C:\Users\Name\Desktop
Description: Download the default certificate for the provided keypair alias. The complete certificate chain will be downloaded in .der format in the current SMCTL directory.
Command:
smctl certificate download --keypair-alias=<keypair alias> --chain --format=<format>
Command sample:
smctl certificate download --keypair-alias=keypairdynamic-key-mk2 -c -f=der
Import certificate
To import a certificate for a keypair:
smctl cert import <flag>
Shortcut | Flag | Description |
---|---|---|
--der | Import certificate in | |
--set-as-default | Set this certificate as the default certificate for the keypair specified. | |
--account-id string | Account ID for the user. Format: --account-id="<value>" | |
-h | --help | Help for import command. |
Example
Description: Import the certificate for the given keypair ID and specified certificate alias.
Command:
smctl certificate import <keypair-id> <certificate-alias> <certificate-file>
Command sample:
smctl certificate import keypair-dynamic-alias kp1-cert-alias C:\Users\Name\Desktop\certificate_name.crt
Certificate profile
To describe or list a certificate profile:
smctl certificate profile <subcommand> <flag>
Shortcut | Subcommand | Description |
---|---|---|
desc | describe | Describe a certificate profile. |
ls | list | List certificate profiles. |
The certificate profiles subcommands support these flags:
Shortcut | Flags | Description |
---|---|---|
-f | --filter stringToString | Filters based on field=value, supported fields(name). The default is []. (List subcommand only) Format: --filter="<value>" |
--account-id string | Account ID for the user. (Describe and list subcommands) Format: --account-id="<value>" | |
--page int | Page number. Default is –1, which lists all pages. (List subcommands only) | |
--size int | Page size. Default is 100. (List subcommands only) | |
-h | --help | Help for certificate profiles. (Describe and list subcommands) |
Examples
Description: Describe a certificate profile for a given certificate profile ID.
Command:
smctl certificate profile describe <certificate-profile-id>
Command sample:
smctl certificate profile describe 047c9ab5-2130-4425-a015-59f7c898cd33
Description: List all certificate profiles for a particular filter name.
Command:
smctl certificate profile list --filter name=<certificate profile name>
Command sample:
smctl certificate profile ls --filter name=ca-cert-profile-test
List certificates
To list all certificates in your account:
smctl certificate list <flag>
or
smctl cert ls <flag>
Shortcut | Flag | Description |
---|---|---|
--cert-hash-alg string | Specify if you only want to list the certificates with the hash algorithm type: SHA1, SHA256, SHA384 or SHA512. Default is SHA1. Format: --cert-hash-alg="<value>" | |
--cert-hash-encoding string | Specify if you want the certificate hash encoding type to be HEX or BASE64. Default is HEX. Format: --cert-hash-encoding="<value>" | |
--filter stringToString | The supported fields are: id, alias, certificate_status, and keypair_id. The default field is []. Format: --filter="<value>" | |
--account-id string | Account ID for the user. Format: --account-id="<value>" | |
--page int | Page number. Default is -1, which lists all pages. | |
--size int | Page size. Default page size is 100. | |
-h | --help | Help for list certificates command. |
Example
Description: List all the certificates and display the fingerprint in SHA-1 hash.
Command:
smctl certificate list --cert-hash-alg=<algorithm>
Subcommand:
smctl certificate ls --cert-hash-alg=SHA1