Skip to main content

Certificates commands

This section covers commands that you use in SMCTL to manage certificates.

Commands

To view all actions to manage certificates, run:

smctl certificate --help

or

smctl cert -h

Subcommands

Certificate commands begin with:

smctl cert <subcommand>

Certificate commands support these flags:

Tabela 1. Subcommands for managing certificates

Shortcut

Subcommand

Description

desc

describe

Describe a certificate's details.

download or save

Download a certificate for the provided certificate id, keypair ID or keypair alias. The downloaded file will not have the private key. If a file exists with the same name in the output directory, this process will overwrite it.

ls

list

List certificates.


Describe certificate

To describe the certificate details for the specified certificate ID:

smctl cert describe <flag>

or

smctl cert desc <flag>
Tabela 2. Flags for describing a certificate

Shortcut

Flag

Description

--cert-hash-alg string

The certificate hash algorithm types are SHA1, SHA256, SHA384 or SHA512. The default algorithm type is SHA1. 

Format:

--cert-hash-alg="<value>"

--cert-hash-encoding string

The certificate hash encoding types are HEX or BASE64. The default encoding type is HEX. 

Format:

--cert-hash-encoding="<value>"

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

-h

--help

Help for describe certificate.


Examples

Description: Describe the certificate with the provided certificate ID.

Command: 

smctl certificate describe <certificate-id>

Command sample: 

smctl certificate desc 7747527b-6cc0-4ccf-8099-a6df1bf90bc14

Description: Describe the certificate with the provided certificate ID and hash and display the fingerprint with SHA-256.

Command: 

smctl certificate describe <certificate-id> --cert-hash-alg="<algorithm>"

Command sample: 

smctl certificate desc 7747527b-6cc0-4ccf-8099-a6df1bf90bc14 --cert-hash-alg=“SHA256”

Download certificate

Use one of the following commands to list all available actions to download a certificate:

smctl cert download <flag>

or

smctl cert save <flag>

Tabela 3. Flags for downloading a certificate

Shortcut

Flag

Description

-c

--chain

Download the complete certificate chain.

-f

--format string

Allowed formats include pem, der, p12 or pfx. The default format is pem. The private key will not be downloaded. 

Format:

--format="<value>"

--keypair-alias string

Download the default certificate for a keypair alias. 

Format:

--keypair-alias="<value>"

--keypair-id string

Download the default certificate for a keypair ID. 

Format:

--keypair-id="<value>"

-n

--name string

Name of the certificate file. The default name is the certificate alias. 

Format:

--name="<value>"

-o

--out string

Output path where the certificate is to be downloaded. 

Format:

--out="<value>"

-p

--password string

Password to be used in case of p12 or pfx format. The default is “changeit”. 

Format:

--password="<value>"

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

--issuer-first

By default, the end entity certificate is placed first when downloading complete chain. Setting this option to put the Root CA first.

-h

--help

Help for download.


Examples

Description: Download a certificate for the provided certificate ID to the specified output folder.

Command:

smctl certificate download <certificate-id> --out <path where certificate should be stored>

Command sample:

smctl certificate download 23454-234542-23454-23454 –-out C:\Users\Name\Desktop

Description: Download the default certificate for the provided keypair alias. The complete certificate chain will be downloaded in .der format in the current SMCTL directory.

Command:

smctl certificate download --keypair-alias=<keypair alias> --chain --format=<format>

Command sample:

smctl certificate download --keypair-alias=keypairdynamic-key-mk2 -c -f=der

Import certificate

To import a certificate for a keypair:

smctl cert import <flag>
Tabela 4. Flags for importing a certificate

Shortcut

Flag

Description

--der

Import certificate in der format. The default format is pem.

--set-as-default

Set this certificate as the default certificate for the keypair specified.

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

-h

--help

Help for import command.


Example

Description: Import the certificate for the given keypair ID and specified certificate alias.

Command:

smctl certificate import <keypair-id> <certificate-alias> <certificate-file>

Command sample:

smctl certificate import keypair-dynamic-alias kp1-cert-alias C:\Users\Name\Desktop\certificate_name.crt

Certificate profile

To describe or list a certificate profile:

smctl certificate profile <subcommand> <flag>
Tabela 5. Subcommands for certificate profiles

Shortcut

Subcommand

Description

desc

describe

Describe a certificate profile.

ls

list

List certificate profiles.


The certificate profiles subcommands support these flags:

Tabela 6. Flags for listing and describing certificate profiles

Shortcut

Flags

Description

-f

--filter stringToString

Filters based on field=value, supported fields(name). The default is []. (List subcommand only)

Format:

--filter="<value>"

--account-id string

Account ID for the user. (Describe and list subcommands)

Format:

--account-id="<value>"

--page int

Page number. Default is –1, which lists all pages. (List subcommands only)

--size int

Page size. Default is 100. (List subcommands only)

-h

--help

Help for certificate profiles. (Describe and list subcommands)


Examples

Description: Describe a certificate profile for a given certificate profile ID.

Command: 

smctl certificate profile describe <certificate-profile-id>

Command sample:

smctl certificate profile describe 047c9ab5-2130-4425-a015-59f7c898cd33

Description: List all certificate profiles for a particular filter name.

Command: 

smctl certificate profile list --filter name=<certificate profile name>

Command sample:

smctl certificate profile ls --filter name=ca-cert-profile-test

List certificates

To list all certificates in your account:

smctl certificate list <flag>

or

smctl cert ls <flag>
Tabela 7. Flags for listing certificates

Shortcut

Flag

Description

--cert-hash-alg string

Specify if you only want to list the certificates with the hash algorithm type: SHA1, SHA256, SHA384 or SHA512. Default is SHA1. 

Format:

--cert-hash-alg="<value>"

--cert-hash-encoding string

Specify if you want the certificate hash encoding type to be HEX or BASE64. Default is HEX. 

Format:

--cert-hash-encoding="<value>"

--filter stringToString

The supported fields are: id, alias, certificate_status, and keypair_id. The default field is []. 

Format:

--filter="<value>"

--account-id string

Account ID for the user. 

Format:

--account-id="<value>"

--page int

Page number. Default is -1, which lists all pages.

--size int

Page size. Default page size is 100.

-h

--help

Help for list certificates command.


Example

Description: List all the certificates and display the fingerprint in SHA-1 hash.

Command:

smctl certificate list --cert-hash-alg=<algorithm>

Subcommand:

smctl certificate ls --cert-hash-alg=SHA1
Nesta secção: