Consul TLS Cert Create
Command: consul tls cert create
The tls cert create
command is used to create certificates for your Consul TLS
setup.
Examples
Create a certificate for servers:
Create a certificate for clients:
Create a certificate for cli:
Usage
Usage: consul tls cert create [filename-prefix] [options]
Command Options
-additional-dnsname=<string>
- Provide an additional dnsname for Subject Alternative Names. localhost is always included. This flag may be provided multiple times.-additional-ipaddress=<string>
- Provide an additional ipaddress for Subject Alternative Names.127.0.0.1
is always included. This flag may be provided multiple times.-ca=<string>
- Provide path to the ca. Defaults to#DOMAIN#-agent-ca.pem
.-cli
- Generate cli certificate.-client
- Generate client certificate.-days=<int>
- Provide number of days the certificate is valid for from now on. Defaults to 1 year.-dc=<string>
- Provide the datacenter. Matters only for-server
certificates. Defaults todc1
.-domain=<string>
- Provide the domain. Matters only for-server
certificates.-key=<string>
- Provide path to the key. Defaults to#DOMAIN#-agent-ca-key.pem
.-node=<string>
- When generating a server cert and this is set an additional dns name is included of the form<node>.server.<datacenter>.<domain>
.-server
- Generate server certificate.