Generate public key infrastructure (PKI) certificates and keys Generate CA certificate Sign generated CA certificate with another specified CA certificate pki ca Write generated CA certificate into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$7" --sign "$5" --file Commands for installing generated CA certificate into running configuration <certificate name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$7" --sign "$5" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --sign "$5" Write generated CA certificate into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$5" --file Commands for installing generated CA certificate into running configuration <CA name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca --name "$5" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ca Generate certificate request Generate self-signed certificate Write generated self-signed certificate into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$6" --self-sign --file Commands for installing generated self-signed certificate into running configuration <certificate name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$6" --self-sign --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --self-sign Sign generated certificate with specified CA certificate pki ca Write generated signed certificate into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$7" --sign "$5" --file Commands for installing generated signed certificate into running configuration <certificate name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$7" --sign "$5" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --sign "$5" Write generated certificate request and key into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$5" --file Commands for installing generated certificate private key into running configuration <certificate name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate --name "$5" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type certificate Generate CRL for specified CA certificate pki ca Write generated CRL into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type crl --name "$4" --file Commands for installing generated CRL into running configuration ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type crl --name "$4" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type crl --name "$4" Generate DH parameters Write generated DH parameters into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type dh --name "$5" --file Commands for installing generated DH parameters into running configuration <DH name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type dh --name "$5" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type dh Generate a key pair Write generated key pair into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type key-pair --name "$5" --file Commands for installing generated key pair into running configuration <key name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type key-pair --name "$5" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type key-pair Generate OpenVPN keys Generate OpenVPN shared secret key Write generated OpenVPN shared secret key into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type openvpn --name "$6" --file Commands for installing generated OpenVPN shared secret key into running configuration <key name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type openvpn --name "$6" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type openvpn Generate SSH key Write generated SSH keys into the specified filename <filename> sudo -E ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ssh --name "$5" --file Commands for installing generated SSH key into running configuration <key name> ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ssh --name "$5" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type ssh Generate WireGuard keys Generate WireGuard public/private key-pair Generate CLI commands to install WireGuard key to configuration WireGuard Interface used in install command interfaces wireguard ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type wireguard --key --interface "$7" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type wireguard --key Generate WireGuard pre-shared key Generate CLI commands to install WireGuard key to configuration WireGuard Interface used in install command interfaces wireguard Interface used for install command interfaces wireguard ${COMP_WORDS[COMP_CWORD-2]} peer ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type wireguard --psk --interface "$7" --peer "$9" --install ${vyos_op_scripts_dir}/pki.py generate_pki --pki-type wireguard --psk Import an object Import file into PKI configuration Import CA certificate into PKI <name> Path to CA certificate file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type ca --name "$4" --filename "$6" Path to private key file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type ca --name "$4" --key-filename "$6" Import certificate into PKI <name> Path to certificate file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type certificate --name "$4" --filename "$6" Path to private key file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type certificate --name "$4" --key-filename "$6" Import certificate revocation list into PKI <CA name> Path to CRL file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type crl --name "$4" --filename "$6" Import DH parameters into PKI <name> Path to DH parameters file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type dh --name "$4" --filename "$6" Import key pair into PKI <name> Path to public key file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type key-pair --name "$4" --filename "$6" Path to private key file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type key-pair --name "$4" --key-filename "$6" Import OpenVPN keys into PKI Import OpenVPN shared secret key into PKI <name> Path to shared secret key file sudo -E ${vyos_op_scripts_dir}/pki.py import_pki --pki-type openvpn --name "$5" --filename "$7" Show PKI x509 certificates sudo ${vyos_op_scripts_dir}/pki.py show_all Show x509 CA certificates sudo ${vyos_op_scripts_dir}/pki.py show_certificate_authority Show x509 CA certificate by name pki ca sudo ${vyos_op_scripts_dir}/pki.py show_certificate_authority --name "$4" Show x509 CA certificate in PEM format sudo ${vyos_op_scripts_dir}/pki.py show_certificate_authority --name "$4" --pem Show x509 certificates sudo ${vyos_op_scripts_dir}/pki.py show_certificate Show x509 certificate by name pki certificate sudo ${vyos_op_scripts_dir}/pki.py show_certificate --name "$4" Show x509 certificate in PEM format sudo ${vyos_op_scripts_dir}/pki.py show_certificate --name "$4" --pem Show x509 certificate fingerprint sha256 sha384 sha512 sudo ${vyos_op_scripts_dir}/pki.py show_certificate --name "$4" --fingerprint "$6" Show x509 certificate revocation lists ${vyos_op_scripts_dir}/pki.py show_crl Show x509 certificate revocation lists by CA name pki ca ${vyos_op_scripts_dir}/pki.py show_crl --name "$4" Show x509 certificate revocation lists by CA name in PEM format ${vyos_op_scripts_dir}/pki.py show_crl --name "$4" --pem Start manual certbot renewal sudo systemctl start certbot.service