summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDaniil Baturin <daniil@vyos.io>2026-05-26 12:44:59 +0100
committerGitHub <noreply@github.com>2026-05-26 12:44:59 +0100
commit6ef84d9a2b30c4cfb9ce298b007162bab16275aa (patch)
tree21fbc76b402d5636a95eb18a159cc03cc4ace67e /src
parent567e968f5c6ee86360151144bd8239ec2cdca12b (diff)
parent88a50d1700cac0b38595b206f804a59592bdb3d2 (diff)
downloadvyos-1x-6ef84d9a2b30c4cfb9ce298b007162bab16275aa.tar.gz
vyos-1x-6ef84d9a2b30c4cfb9ce298b007162bab16275aa.zip
Merge pull request #5202 from indrajitr/T8877-pki-private-key
pki: T8877: Add ability to show private key in pem format
Diffstat (limited to 'src')
-rwxr-xr-xsrc/op_mode/pki.py24
1 files changed, 22 insertions, 2 deletions
diff --git a/src/op_mode/pki.py b/src/op_mode/pki.py
index b84b6f02a..bf8bba657 100755
--- a/src/op_mode/pki.py
+++ b/src/op_mode/pki.py
@@ -1252,6 +1252,7 @@ def show_certificate_authority(
def show_certificate(
raw: bool,
name: typing.Optional[str] = None,
+ private: typing.Optional[bool] = False,
pem: typing.Optional[bool] = False,
fingerprint: typing.Optional[ArgsFingerprint] = None,
):
@@ -1282,12 +1283,31 @@ def show_certificate(
if not cert:
continue
- if name and pem:
+ if name and pem and not (private or fingerprint):
print(encode_certificate(cert))
return
- elif name and fingerprint:
+ elif name and fingerprint and not private:
print(get_certificate_fingerprint(cert, fingerprint))
return
+ elif name and private:
+ if 'private' in cert_dict and 'key' in cert_dict['private']:
+ protected = 'password_protected' in cert_dict['private']
+ private_key = load_private_key(
+ cert_dict['private']['key'],
+ passphrase=None,
+ wrap_tags=True,
+ )
+ if private_key:
+ print(encode_private_key(private_key, passphrase=None))
+ else:
+ if protected:
+ print(f'Private key for certificate "{cert_name}" is '
+ 'password-protected and cannot be displayed')
+ else:
+ print(f'Failed to load private key for certificate "{cert_name}"')
+ else:
+ print(f'No private key found for certificate "{cert_name}"')
+ return
ca_name = get_certificate_ca(cert, ca_certs)
cert_subject_cn = cert.subject.rfc4514_string().split(',')[0]