Changeset - 9f4abc374592
Branko Majic (branko) - 6 years ago 2018-03-25 12:32:21
branko@majic.rs
GC-18: Added documentation for the renew command:

- Updated quick usage instructions.
- Added section covering certificate renewal.
- Updated inline CLI help examples.
2 files changed with 35 insertions and 0 deletions:
docs/usage.rst
 
@@ -92,6 +92,11 @@ This time around, the ``myserver2`` certificate will include
 
``myserver2``, ``myserver2.local``, and ``service.example.com`` as DNS
 
subject alternative names.
 

	
 
Renew existing certificates, keeping the same private key and naming::
 

	
 
  gimmecert renew server myserver1
 
  gimmecert renew server myclient1
 

	
 

	
 
Initialisation
 
--------------
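Review bot: the second quick-usage example, ``gimmecert renew server myclient1``, passes the ``server`` type with a name that reads as a client entity; if ``myclient1`` was issued as a client certificate, this should be ``gimmecert renew client myclient1``. The lead-in sentence could also mention that both server and client certificates can be renewed, so the two examples are not read as the same case shown twice.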
 
@@ -239,3 +244,27 @@ where ``NAME`` is passed-in via positional argument.
 
Key usage and extended key usage in certificate are set typical TLS
 
client use (e.g. *digital signature* + *key encipherment* for KU, and
 
*TLS WWW client authentication* for EKU).
 

	
 

	
 
Renewing certificates
 
---------------------
 

	
 
Both client and server certificates can be renewed by simply providing
 
the type and name. This is useful when a certificate has expired, and
 
it should be renewed with identical naming and private key. Command
 
requires two positional argumensts::
 

	
 
  gimmecert renew (server|client) NAME
 

	
 
The command will:
 

	
 
- Keep the existing private key generated for end entity.
 
- Re-use naming, public key, and any extensions stored in existing
 
  certificate.
 
- Overwrite the existing certificate with a new one.
 
- Show information where the artifacts can be grabbed from.
 

	
 
.. note::
 
   For changing the list of additional subject alternative names
 
   included in server certificates, see the ``--update-dns-names`` for
 
   the ``gimmecert server`` command.
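Review bot: in the sentence that introduces the syntax, ``argumensts`` should be ``arguments``, and "Command requires" reads better as "The command requires". In the closing note, "see the ``--update-dns-names`` for the ``gimmecert server`` command" is missing a noun such as "option" after the flag. Since the bullet list states that the existing private key and public key are kept, it would help to say explicitly that renewal does not generate a new key, so readers do not reach for it when the key itself has to be replaced.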
gimmecert/cli.py
 
@@ -58,6 +58,12 @@ Examples:
 
    # Renew a TLS server certificate removing extra DNS subject alternative names. Keeps the private key if any.
 
    gimmecert server myserver dontneedthisname.local
 
    gimmecert server myserver --update-dns-names
 

	
 
    # Renew a TLS server certificate, preserving naming and private key.
 
    gimmecert renew server myserver
 

	
 
    # Renew a TLS client certificate, preserving naming and private key.
 
    gimmecert renew client myclient
 
"""
 

	
 

	
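Review bot: the two added comments introduce ``gimmecert renew`` with "Renew a TLS ... certificate", the same verb the unchanged comment above uses for ``gimmecert server myserver --update-dns-names``, so the help text now presents two different commands as renewal. Consider wording the new comments so the difference is visible at a glance, for example by naming the ``renew`` command in the comment, and align "preserving naming and private key" with the older "Keeps the private key if any" phrasing.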