Generate PKI certificates and keys
Generate CA certificate
Sign generated CA certificate with another specified CA certificate
pki ca
Write generated CA certificate into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --file
Commands for installing generated CA certificate into running configuration
<certificate name>
${vyos_op_scripts_dir}/pki.py --action generate --ca "$7" --sign "$5" --install
${vyos_op_scripts_dir}/pki.py --action generate --ca "noname" --sign "$5"
Write generated CA certificate into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --file
Commands for installing generated CA certificate into running configuration
<CA name>
${vyos_op_scripts_dir}/pki.py --action generate --ca "$5" --install
${vyos_op_scripts_dir}/pki.py --action generate --ca "noname"
Generate certificate request
Generate self-signed certificate
Write generated self-signed certificate into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --file
Commands for installing generated self-signed certificate into running configuration
<certificate name>
${vyos_op_scripts_dir}/pki.py --action generate --certificate "$6" --self-sign --install
${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --self-sign
Sign generated certificate with specified CA certificate
pki ca
Write generated signed certificate into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --file
Commands for installing generated signed certificate into running configuration
<certificate name>
${vyos_op_scripts_dir}/pki.py --action generate --certificate "$7" --sign "$5" --install
${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname" --sign "$5"
Write generated certificate request and key into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --file
Commands for installing generated certificate private key into running configuration
<certificate name>
${vyos_op_scripts_dir}/pki.py --action generate --certificate "$5" --install
${vyos_op_scripts_dir}/pki.py --action generate --certificate "noname"
Generate CRL for specified CA certificate
pki ca
Write generated CRL into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --file
Commands for installing generated CRL into running configuration
${vyos_op_scripts_dir}/pki.py --action generate --crl "$4" --install
${vyos_op_scripts_dir}/pki.py --action generate --crl "$4"
Generate DH parameters
Write generated DH parameters into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --file
Commands for installing generated DH parameters into running configuration
<DH name>
${vyos_op_scripts_dir}/pki.py --action generate --dh "$5" --install
${vyos_op_scripts_dir}/pki.py --action generate --dh "noname"
Generate a key pair
Write generated key pair into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --file
Commands for installing generated key pair into running configuration
<key name>
${vyos_op_scripts_dir}/pki.py --action generate --keypair "$5" --install
${vyos_op_scripts_dir}/pki.py --action generate --keypair "noname"
Generate OpenVPN keys
Generate OpenVPN shared secret key
Write generated OpenVPN shared secret key into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --file
Commands for installing generated OpenVPN shared secret key into running configuration
<key name>
${vyos_op_scripts_dir}/pki.py --action generate --openvpn "$6" --install
${vyos_op_scripts_dir}/pki.py --action generate --openvpn "noname"
Generate SSH key
Write generated SSH keys into the specified filename
<filename>
sudo -E ${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --file
Commands for installing generated SSH key into running configuration
<key name>
${vyos_op_scripts_dir}/pki.py --action generate --ssh "$5" --install
${vyos_op_scripts_dir}/pki.py --action generate --ssh "noname"
Generate WireGuard keys
Generate WireGuard public/private key-pair
Generate CLI commands to install WireGuard key to configuration
WireGuard Interface used in install command
interfaces wireguard
${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key --interface "$7" --install
${vyos_op_scripts_dir}/pki.py --action generate --wireguard --key
Generate WireGuard pre-shared key
Generate CLI commands to install WireGuard key to configuration
WireGuard Interface used in install command
interfaces wireguard
Interface used for install command
interfaces wireguard ${COMP_WORDS[COMP_CWORD-2]} peer
${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk --interface "$7" --peer "$9" --install
${vyos_op_scripts_dir}/pki.py --action generate --wireguard --psk
Import an object
Import file into PKI configuration
Import CA certificate into PKI
<name>
Path to CA certificate file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --filename "$6"
Path to private key file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --ca "$4" --key-filename "$6"
Import certificate into PKI
<name>
Path to certificate file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --filename "$6"
Path to private key file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --certificate "$4" --key-filename "$6"
Import certificate revocation list into PKI
<CA name>
Path to CRL file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --crl "$4" --filename "$6"
Import DH parameters into PKI
<name>
Path to DH parameters file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --dh "$4" --filename "$6"
Import key pair into PKI
<name>
Path to public key file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --filename "$6"
Path to private key file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --keypair "$4" --key-filename "$6"
Import OpenVPN keys into PKI
Import OpenVPN shared secret key into PKI
<name>
Path to shared secret key file
sudo -E ${vyos_op_scripts_dir}/pki.py --action import --openvpn "$5" --filename "$7"
Show PKI x509 certificates
Show x509 CA certificates
${vyos_op_scripts_dir}/pki.py --action show --ca "all"
Show x509 CA certificate by name
pki ca
${vyos_op_scripts_dir}/pki.py --action show --ca "$4"
Show x509 CA certificate in PEM format
${vyos_op_scripts_dir}/pki.py --action show --ca "$4" --pem
Show x509 certificates
${vyos_op_scripts_dir}/pki.py --action show --certificate "all"
Show x509 certificate by name
pki certificate
${vyos_op_scripts_dir}/pki.py --action show --certificate "$4"
Show x509 certificate in PEM format
sudo ${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --pem
Show x509 certificate fingerprint
sha256 sha384 sha512
${vyos_op_scripts_dir}/pki.py --action show --certificate "$4" --fingerprint "$6"
Show x509 certificate revocation lists
${vyos_op_scripts_dir}/pki.py --action show --crl "all"
Show x509 certificate revocation lists by CA name
pki ca
${vyos_op_scripts_dir}/pki.py --action show --crl "$4"
Show x509 certificate revocation lists by CA name in PEM format
${vyos_op_scripts_dir}/pki.py --action show --crl "$4" --pem
${vyos_op_scripts_dir}/pki.py --action show
Start manual certbot renewal
sudo systemctl start certbot.service