|
|
@@ -128,70 +128,71 @@ explains how to use the files.
|
|
|
=== Parameters
|
|
|
|
|
|
`ca`:: Specifies to generate a new local certificate authority (CA). This
|
|
|
-parameter cannot be used with the `csr` or `cert` parameters.
|
|
|
+parameter cannot be used with the `csr`, `cert` or `http` parameters.
|
|
|
|
|
|
`cert`:: Specifies to generate new X.509 certificates and keys.
|
|
|
-This parameter cannot be used with the `csr` or `ca` parameters.
|
|
|
+This parameter cannot be used with the `csr`, `ca` or `http` parameters.
|
|
|
|
|
|
`csr`:: Specifies to generate certificate signing requests. This parameter
|
|
|
-cannot be used with the `ca` or `cert` parameters.
|
|
|
+cannot be used with the `ca`, `cert` or `http` parameters.
|
|
|
|
|
|
`http`:: Generates a new certificate or certificate request for the {es} HTTP
|
|
|
-interface.
|
|
|
+interface. This parameter cannot be used with the `ca`, `cert` or `csr` parameters.
|
|
|
|
|
|
`--ca <file_path>`:: Specifies the path to an existing CA key pair
|
|
|
-(in PKCS#12 format). This parameter cannot be used with the `ca` or `csr` parameters.
|
|
|
+(in PKCS#12 format). This parameter is only applicable to the `cert` parameter.
|
|
|
|
|
|
`--ca-cert <file_path>`:: Specifies the path to an existing CA certificate (in
|
|
|
PEM format). You must also specify the `--ca-key` parameter. The `--ca-cert`
|
|
|
-parameter cannot be used with the `ca` or `csr` parameters.
|
|
|
+parameter is only applicable to the `cert` parameter.
|
|
|
|
|
|
`--ca-dn <name>`:: Defines the _Distinguished Name_ (DN) that is used for the
|
|
|
generated CA certificate. The default value is
|
|
|
`CN=Elastic Certificate Tool Autogenerated CA`. This parameter cannot be used
|
|
|
-with the `csr` parameter.
|
|
|
+with the `csr` or `http` parameters.
|
|
|
|
|
|
`--ca-key <file_path>`:: Specifies the path to an existing CA private key (in
|
|
|
PEM format). You must also specify the `--ca-cert` parameter. The `--ca-key`
|
|
|
-parameter cannot be used with the `ca` or `csr` parameters.
|
|
|
+parameter is only applicable to the `cert` parameter.
|
|
|
|
|
|
`--ca-pass <password>`:: Specifies the password for an existing CA private key
|
|
|
-or the generated CA private key. This parameter cannot be used with the `ca` or
|
|
|
-`csr` parameters.
|
|
|
+or the generated CA private key. This parameter is only applicable to the `cert` parameter
|
|
|
|
|
|
`--days <n>`:: Specifies an integer value that represents the number of days the
|
|
|
generated certificates are valid. The default value is `1095`. This parameter
|
|
|
-cannot be used with the `csr` parameter.
|
|
|
+cannot be used with the `csr` or `http` parameters.
|
|
|
|
|
|
`--dns <domain_name>`:: Specifies a comma-separated list of DNS names. This
|
|
|
-parameter cannot be used with the `ca` parameter.
|
|
|
+parameter cannot be used with the `ca` or `http` parameters.
|
|
|
|
|
|
`-E <KeyValuePair>`:: Configures a setting.
|
|
|
|
|
|
`-h, --help`:: Returns all of the command parameters.
|
|
|
|
|
|
`--in <input_file>`:: Specifies the file that is used to run in silent mode. The
|
|
|
-input file must be a YAML file. This parameter cannot be used with the `ca`
|
|
|
-parameter.
|
|
|
+input file must be a YAML file. This parameter cannot be used with the `ca` or
|
|
|
+`http` parameters.
|
|
|
|
|
|
`--ip <IP_addresses>`:: Specifies a comma-separated list of IP addresses. This
|
|
|
-parameter cannot be used with the `ca` parameter.
|
|
|
+parameter cannot be used with the `ca` or `http` parameters.
|
|
|
|
|
|
`--keysize <bits>`::
|
|
|
Defines the number of bits that are used in generated RSA keys. The default
|
|
|
-value is `2048`.
|
|
|
+value is `2048`. This parameter cannot be used with the `http` parameter.
|
|
|
|
|
|
`--multiple`::
|
|
|
Specifies to generate files for multiple instances. This parameter cannot be
|
|
|
-used with the `ca` parameter.
|
|
|
+used with the `ca` or `http` parameters.
|
|
|
|
|
|
`--name <file_name>`::
|
|
|
Specifies the name of the generated certificate. This parameter cannot be used
|
|
|
-with the `ca` parameter.
|
|
|
+with the `ca` or `http` parameters.
|
|
|
|
|
|
-`--out <file_path>`:: Specifies a path for the output files.
|
|
|
+`--out <file_path>`:: Specifies a path for the output files. This parameter
|
|
|
+cannot be used with the `http` parameter.
|
|
|
|
|
|
`--pass <password>`:: Specifies the password for the generated private keys.
|
|
|
+This parameter cannot be used with the `http` parameters.
|
|
|
+
|
|
|
Keys stored in PKCS#12 format are always password protected, however,
|
|
|
this password may be _blank_. If you want to specify a blank password
|
|
|
@@ -206,7 +207,7 @@ wish to password-protect your PEM keys, then do not specify
|
|
|
|
|
|
|
|
|
`--pem`:: Generates certificates and keys in PEM format instead of PKCS#12. This
|
|
|
-parameter cannot be used with the `csr` parameter.
|
|
|
+parameter cannot be used with the `csr` or `http` parameters.
|
|
|
|
|
|
`--self-signed`:: Generates self-signed certificates. This parameter is only
|
|
|
applicable to the `cert` parameter.
|
Yang Wang