Apicup certs command reference
Documentation of the apicup certs command you use to manage API Connect TLS certificates and secrets.
The apicup certs command is used to set, clear, and generate the TLS certificates that are used by API Connect. The apicup certs command is also used to manage some of the secrets used by API Connect, such as remote backup server credentials and database encryption secrets.
After you modify certificates with the apicup certs command, you must apply
the changes to your subsystems
with:
apicup subsys install <subsystem name>
- Setting and clearing certificates
- Run the
apicup certs set
command:Table 1. apicup certs set Command Values Result apicup certs set SUBSYS CERT_NAME [CERT_FILE KEY_FILE CA_FILE] [flags]
Parameters are: - SUBSYS - name of the subsystem to which the certificate applies
- CERT_NAME - name of the certificate; see Certificate reference VMware for a list of certificates that can be set for each subsystem.
- CERT_FILE - Path to the certificate file in PEM format.
- KEY_FILE - Path to the private key file in PEM format.
- CA_FILE - Path to the certificate authority (CA) file. The contents of the file might be the
concatenation of an intermediate CA and the root CA (in that order). Note: When you set the
root-ca
certificate, omit the CA_FILE parameter.
Sets the specified certificate to be applied when apicup subsys install is run. apicup certs set SUBSYS CERT_NAME [KEY_FILE] [flags]
KEY_FILE - The file that contains the encryption-secret for field level encryption in the management database. Applies only to the management subsystem . The certificate name is encryption-secret
. The type is secure random bytes with a length of 128 bytes. For example,apicup certs set mgmt1 encryption-secret /path/to/encryption-secret.bin
. Note: Do not specify any of the [CERT_FILE KEY_FILE CA_FILE] parameters when you set the encryption-secret.Applies the encryption-secret
when the management subsystem is installed.flags
--clear
--help
Flags are: - --clear - Clears the specified certificate. For example,
apicup certs set mgmt1 encryption-secret --clear
- --help - Displays help for the command.
The specified certificate is cleared. When you make configuration changes such as changing endpoints, the corresponding certificate must be cleared so that a new certificate can be set. - Viewing details of a certificate
- Run the
apicup certs get
command:Table 2. apicup certs get Command Values Result apicup certs get SUBSYS CERT_NAME [flags]
Parameters are: - SUBSYS - name of the subsystem to which the certificate applies
- CERT_NAME - name of the certificate to retrieve; see Certificate reference VMware for a list of certificates
Returns the specified certificate for the specified subsystem. flags
--output string
--type string
--help
Flags are: - --output string- Specify a file for the retrieved values, or specify "-" to send to stdout. The
default is "-" to send to stdout. For example,
apicup certs get mgmt1 --output myCertsFile
- --type string - Returns only the specified type. If not specified, the type is cert. For
example,
apicup certs get mgmt1 --type ca
- --help - Displays help for the command.
- For --output: The specified certificate is retrieved and sent to stdout or saved to the specified file
- For --type: Certificates are retrieved that match the type specified.
- List the certificates for a subsystem
- Run the command apicup certs list:
Table 3. apicup certs list Command Values Result apicup certs list SUBSYS [flags]
Parameters are: - SUBSYS - name of the subsystem for which you want to list certificates
Returns a list of certificates that are configured for the subsystem. flags
--help
Flags are: - --help - Displays help for the command.
Help text is displayed. - Generate certificates
- The
apicup certs generate
command generates and sets default certificates. Thegenerate
command generates and sets a certificate only if it is not already set.Note: The apicup subsys install operation also generates and sets any unset certificates, but use theapicup certs generate
command so that you can set them and review them before you install.Table 4. apicup certs generate Command Values Result apicup certs generate SUBSYS [flags]
Parameters are: - SUBSYS - name of the subsystem for which you want to generate certificates
Generates certificates that are currently not set for the subsystem. Generates self-signed certificates. flags
--help
Flags are: - --help - Displays help for the command.
Help text is displayed.