Skip to main content

Certificates commands

This section covers commands that you use in SMCTL to manage certificates.

Commands

To view all actions to manage certificates, run:

smctl certificate --help

or

smctl cert -h

Subcommands

Certificate commands begin with:

smctl cert <subcommand>

Certificate commands support these flags:

tabla 1. Subcommands for managing certificates

Shortcut

Subcommand

Description

desc

describe

Describe a certificate's details.

download or save

Download a certificate for the provided certificate id, keypair ID or keypair alias. The downloaded file will not have the private key. If a file exists with the same name in the output directory, this process will overwrite it.

import

Import a certificate for a keypair.

ls

list

List certificates.

profile

Manage certificate profiles.


Describe certificate

To describe the certificate details for the specified certificate ID:

smctl cert describe <flag>

or

smctl cert desc <flag>
tabla 2. Flags for describing a certificate

Shortcut

Flag

Description

--cert-hash-alg string

The certificate hash algorithm types are SHA1, SHA256, SHA384 or SHA512. The default algorithm type is SHA1. 

Format:

--cert-hash-alg="<value>"

--cert-hash-encoding string

The certificate hash encoding types are HEX or BASE64. The default encoding type is HEX. 

Format:

--cert-hash-encoding="<value>"

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

-h

--help

Help for describe certificate.


Examples

Description: Describe the certificate with the provided certificate ID.

Command: 

smctl certificate describe <certificate-id>

Command sample: 

smctl certificate desc 7747527b-6cc0-4ccf-8099-a6df1bf90bc14

Description: Describe the certificate with the provided certificate ID and hash and display the fingerprint with SHA-256.

Command: 

smctl certificate describe <certificate-id> --cert-hash-alg="<algorithm>"

Command sample: 

smctl certificate desc 7747527b-6cc0-4ccf-8099-a6df1bf90bc14 --cert-hash-alg=“SHA256”

Download certificate

Use one of the following commands to list all available actions to download a certificate:

smctl cert download <flag>

or

smctl cert save <flag>

tabla 3. Flags for downloading a certificate

Shortcut

Flag

Description

-c

--chain

Download the complete certificate chain.

-f

--format string

Allowed formats include pem, der, p12 or pfx. The default format is pem. The private key will not be downloaded. 

Format:

--format="<value>"

--keypair-alias string

Download the default certificate for a keypair alias. 

Format:

--keypair-alias="<value>"

--keypair-id string

Download the default certificate for a keypair ID. 

Format:

--keypair-id="<value>"

-n

--name string

Name of the certificate file. The default name is the certificate alias. 

Format:

--name="<value>"

-o

--out string

Output path where the certificate is to be downloaded. 

Format:

--out="<value>"

-p

--password string

Password to be used in case of p12 or pfx format. The default is “changeit”. 

Format:

--password="<value>"

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

--issuer-first

By default, the end entity certificate is placed first when downloading complete chain. Setting this option to put the Root CA first.

-h

--help

Help for download.


Examples

Description: Download a certificate for the provided certificate ID to the specified output folder.

Command:

smctl certificate download <certificate-id> --out <path where certificate should be stored>

Command sample:

smctl certificate download 23454-234542-23454-23454 –-out C:\Users\Name\Desktop

Description: Download the default certificate for the provided keypair alias. The complete certificate chain will be downloaded in .der format in the current SMCTL directory.

Command:

smctl certificate download --keypair-alias=<keypair alias> --chain --format=<format>

Command sample:

smctl certificate download --keypair-alias=keypairdynamic-key-mk2 -c -f=der

Import certificate

To import a certificate for a keypair:

smctl cert import <flag>
tabla 4. Flags for importing a certificate

Shortcut

Flag

Description

--der

Import certificate in der format. The default format is pem.

--set-as-default

Set this certificate as the default certificate for the keypair specified.

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

-h

--help

Help for import command.


Example

Description: Import the certificate for the given keypair ID and specified certificate alias.

Command:

smctl certificate import <keypair-id> <certificate-alias> <certificate-file>

Command sample:

smctl certificate import keypair-dynamic-alias kp1-cert-alias C:\Users\Name\Desktop\certificate_name.crt

Certificate profile

To describe or list a certificate profile:

smctl certificate profile <subcommand> <flag>
tabla 5. Subcommands for certificate profiles

Shortcut

Subcommand

Description

desc

describe

Describe a certificate profile.

ls

list

List certificate profiles.


The certificate profiles subcommands support these flags:

tabla 6. Flags for listing and describing certificate profiles

Shortcut

Flags

Description

-f

--filter stringToString

Filters based on field=value, supported fields(name). The default is []. (List subcommand only)

Format:

--filter="<value>"

--account-id string

Account ID for the user. (Describe and list subcommands)

Format:

--account-id="<value>"

--page int

Page number. Default is –1, which lists all pages. (List subcommands only)

--size int

Page size. Default is 100. (List subcommands only)

-h

--help

Help for certificate profiles. (Describe and list subcommands)


Examples

Description: Describe a certificate profile for a given certificate profile ID.

Command: 

smctl certificate profile describe <certificate-profile-id>

Command sample:

smctl certificate profile describe 047c9ab5-2130-4425-a015-59f7c898cd33

Description: List all certificate profiles for a particular filter name.

Command: 

smctl certificate profile list --filter name=<certificate profile name>

Command sample:

smctl certificate profile ls --filter name=ca-cert-profile-test

List certificates

To list all certificates in your account:

smctl certificate list <flag>

or

smctl cert ls <flag>
tabla 7. Flags for listing certificates

Shortcut

Flag

Description

--cert-hash-alg string

Specify if you only want to list the certificates with the hash algorithm type: SHA1, SHA256, SHA384 or SHA512. Default is SHA1. 

Format:

--cert-hash-alg="<value>"

--cert-hash-encoding string

Specify if you want the certificate hash encoding type to be HEX or BASE64. Default is HEX. 

Format:

--cert-hash-encoding="<value>"

--filter stringToString

The supported fields are: id, alias, certificate_status, and keypair_id. The default field is []. 

Format:

--filter="<value>"

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

--page int

Page number. Default is -1, which lists all pages.

--size int

Page size. Default page size is 100.

-h

--help

Help for list certificates command.


Example

Description: List all the certificates and display the fingerprint in SHA-1 hash.

Command:

smctl certificate list --cert-hash-alg=<algorithm>

Subcommand:

smctl certificate ls --cert-hash-alg=SHA1
En esta sección: