tcld generate-certificates command reference
The tcld generate-certificates command commands for generating certificate authority and end-entity TLS certificates.
Alias: gen
- tcld generate-certificates certificate-authority-certificate
- tcld generate-certificates end-entity-certificate
certificate-authority-certificate
The tcld generate-certificates certificate-authority-certificate command generate a certificate authority certificate.
Alias: ca
--organization
The name of the organization
Alias: org
--validity-period
The duration for which the certificate is valid for. example: 30d10h (30 days and 10 hrs)
Alias: d
--ca-certificate-file
The path where the generated x509 certificate will be stored
Alias: ca-cert
--ca-key-file
The path where the certificate's private key will be stored
Alias: ca-key
--rsa-algorithm
Generates a 4096-bit RSA keypair instead of an ECDSA P-384 keypair (the recommended default) for the certificate (optional)
Alias: rsa
end-entity-certificate
The tcld generate-certificates end-entity-certificate command generate an end-entity certificate.
Alias: leaf
--organization
The name of the organization
Alias: org
--organization-unit
The name of the organizational unit (optional)
--common-name
The common name (optional)
--validity-period
The duration for which the end entity certificate is valid for. example: 30d10h (30 days and 10 hrs). By default the generated certificate expires 24 hours before the certificate authority expires (optional)
Alias: d
--ca-certificate-file
The path of the x509 certificate for the certificate authority
Alias: ca-cert
--ca-key-file
The path of the private key for the certificate authority
Alias: ca-key
--certificate-file
The path where the generated x509 certificate will be stored
Alias: cert
--key-file
The path where the certificate's private key will be stored
Alias: key