Usage#
gwcert#
GridWords TLS certificate tools.
gwcert [OPTIONS] COMMAND [ARGS]...
Options
- --version#
Show version and exit.
- Default:
False
- --install-completion <install_completion>#
Install completion for the specified shell.
- Options:
bash | zsh | fish | powershell | pwsh
- --show-completion <show_completion>#
Show completion for the specified shell, to copy it or customize the installation.
- Options:
bash | zsh | fish | powershell | pwsh
ca#
Commands for creating and using a local Certificate Authority.
gwcert ca [OPTIONS] COMMAND [ARGS]...
add-key#
Generate public/private key pair, CSR and signed certificate.
gwcert ca add-key [OPTIONS] KEY_NAME
Options
- --ca-dir <ca_dir>#
CA storage directory.
- Default:
/home/docs/.local/share/gridworks/ca
- --force#
Overwrites existing files. WARNING: --force will PERMANENTLY DELETE the files for this key name, including public and private key.
- Default:
False
- --valid-days <valid_days>#
Number of days issued certificates should be valid for
- Default:
825
- --public-exponent <public_exponent>#
Passed to cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key()
- Default:
65537
- --key-size <key_size>#
Passed to cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key()
- Default:
2048
- --common-name <common_name>#
Common Name used in certificate. If unspecified, key-name is used.
- Default:
- --dns <dns_names>#
DNS entries
- --is-ca#
Whether certificate for this key can itself sign other certificates
- Default:
False
Arguments
- KEY_NAME#
Required argument
clean#
Delete the CA storage directory and contents. WARNING: PERMANENTLY DELETES CA CERTIFICATE AND KEY.
gwcert ca clean [OPTIONS]
Options
- --ca-dir <ca_dir>#
CA storage directory.
- Default:
/home/docs/.local/share/gridworks/ca
- --yes-really-forever#
Required to actually clean the CA storage directory
- Default:
False
create#
Create files necessary for a simple, self-signed Certificate Authority.
gwcert ca create [OPTIONS] COMMON_NAME
Options
- --ca-dir <ca_dir>#
CA storage directory.
- Default:
/home/docs/.local/share/gridworks/ca
- --valid-days <valid_days>#
Number of days issued certificates should be valid for
- Default:
825
- --public-exponent <public_exponent>#
Passed to cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key()
- Default:
65537
- --key-size <key_size>#
Passed to cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key()
- Default:
2048
Arguments
- COMMON_NAME#
Required argument
info#
Show information about CA configured on disk.
gwcert ca info [OPTIONS]
Options
- --ca-dir <ca_dir>#
CA storage directory.
- Default:
/home/docs/.local/share/gridworks/ca
key#
Commands for generating named keys, Certificate Signing Requests and Certificates.
By default certificates are generated in:
$HOME/.local/share/gridworks/ca/certs/KEYNAME/
By default CA files are:
$HOME/.local/share/gridworks/ca/ca.crt
$HOME/.local/share/gridworks/ca/private/ca_key.pem
Subcommands rsa, csr and certify may be called in order to produce key/certificate pairs usable with the specified CA. Subcommand ‘add’ calls all three of those in order.
The I/O of these commands is approximately:
rsa -> private key
csr(private key) -> CSR
certify(CSR, CA certificate, CA private key) -> certificate
gwcert key [OPTIONS] COMMAND [ARGS]...
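The rsa -> csr -> certify flow described above, reproduced with plain openssl as an added example (not gwcert's own code), followed by the checks worth running on any issued key/certificate pair: chain to the CA, key and certificate match, CA:FALSE on the leaf, owner-only key mode. The scratch-directory layout, the `demo-ca` name and the function names are assumptions; key size and validity follow the defaults listed on this page.

```shell
# Added example, not gwcert code: rsa -> csr -> certify done with plain openssl.
# File layout, "demo-ca" and the key name passed in are constructed for the demo.
umask 077   # keys are created owner-only from the start, no chmod window

write_cnf() {   # $1 = scratch dir, $2 = DNS name for the leaf
  cat > "$1/demo.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:$2
EOF
}

issue() {       # $1 = scratch dir, $2 = key name
  write_cnf "$1" "$2" &&
  # Self-signed CA with the page's defaults: RSA 2048, e=65537, 825 days
  openssl genrsa -out "$1/ca_key.pem" 2048 2>/dev/null &&
  openssl req -x509 -new -config "$1/demo.cnf" -extensions v3_ca \
    -key "$1/ca_key.pem" -days 825 -out "$1/ca.crt" &&
  # rsa -> private key
  openssl genrsa -out "$1/$2.pem" 2048 2>/dev/null &&
  # csr(private key) -> CSR
  openssl req -new -config "$1/demo.cnf" -subj "/CN=$2" \
    -key "$1/$2.pem" -out "$1/$2.csr" &&
  # certify(CSR, CA certificate, CA private key) -> certificate
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca_key.pem" \
    -CAcreateserial -days 825 -extfile "$1/demo.cnf" -extensions leaf \
    -out "$1/$2.crt" 2>/dev/null
}

# Checks on the issued files; each returns 0 on success.
chains_to_ca() { openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1; }
key_matches() {   # certificate and private key share the same RSA modulus
  m=$(openssl x509 -noout -modulus -in "$1/$2.crt" 2>/dev/null)
  [ -n "$m" ] && [ "$m" = "$(openssl rsa -noout -modulus -in "$1/$2.pem" 2>/dev/null)" ]
}
is_not_ca() { openssl x509 -noout -text -in "$1/$2.crt" | grep -q 'CA:FALSE'; }
key_mode()  { ls -l "$1/$2.pem" | cut -c1-10; }   # expect -rw-------
```

To try it: `d=$(mktemp -d); issue "$d" device1 && chains_to_ca "$d" device1 && key_matches "$d" device1 && is_not_ca "$d" device1 && key_mode "$d" device1`. The same four checks apply unchanged to files written by `gwcert key add` once the paths are adjusted.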
add#
Generate public/private RSA key pair, CSR and certificate for a named identity.
Writes public/private key, CSR and certificate files, by default named:
$HOME/.local/share/gridworks/ca/certs/name/name.pub
$HOME/.local/share/gridworks/ca/certs/name/private/name.pem
$HOME/.local/share/gridworks/ca/certs/name/name.csr
$HOME/.local/share/gridworks/ca/certs/name/name.crt
Input files can be explicitly named with the --ca-certificate-path and --ca-private-key-path parameters. Output files can be explicitly named by passing a path-like string for a “.pem” file to the name parameter and/or with the --csr-path and --certificate-path parameters.
gwcert key add [OPTIONS] NAME
Options
- --csr-path <csr_path>#
Optional explicit path to Certificate Signing Request. If absent, CSR path is derived from the private key output path.
- --private-key-path <private_key_path>#
Optional explicit path to private key. If absent, private key path is derived from the certificate output path.
- --certs-dir <certs_dir>#
Base storage directory for named certs
- Default:
/home/docs/.local/share/gridworks/ca/certs
- --public-exponent <public_exponent>#
The public exponent of the new key. Either 65537 or 3 (for legacy purposes). Almost everyone should use 65537.
- Default:
65537
- --key-size <key_size>#
The length of the modulus in bits. It is strongly recommended to be at least 2048.
- Default:
2048
- --force#
Overwrites existing files. WARNING: --force will PERMANENTLY DELETE the public and private key for this key name.
- Default:
False
- --common-name <common_name>#
Common Name used in certificate. If unspecified, key-name is used.
- Default:
- --dns <dns_names>#
DNS entries
- --ca-certificate-path <ca_certificate_path>#
Optional explicit path to CA certificate file. If absent, CA certificate path is derived from ca_dir.
- --ca-private-key-path <ca_private_key_path>#
Optional explicit path to CA private key file. If absent, CA private key path is derived from ca_dir.
- --ca-dir <ca_dir>#
Certificate Authority directory
- Default:
/home/docs/.local/share/gridworks/ca
- --valid-days <valid_days>#
Number of days issued certificates should be valid for
- Default:
825
Arguments
- NAME#
Required argument
certify#
Sign a CSR, producing a certificate.
Uses input files, by default named:
$HOME/.local/share/gridworks/ca/certs/name/name.csr
Writes a certificate file, by default named:
$HOME/.local/share/gridworks/ca/certs/name/name.crt
Input files can be explicitly named with the --csr-path, --ca-certificate-path and --ca-private-key-path parameters. Output file can be explicitly named by passing a path-like string for a “.crt” file to the name parameter.
gwcert key certify [OPTIONS] NAME
Options
- --csr-path <csr_path>#
Optional explicit path to Certificate Signing Request. If absent, CSR path is derived from the certificate output path.
- --ca-certificate-path <ca_certificate_path>#
Optional explicit path to CA certificate file. If absent, CA certificate path is derived from ca_dir.
- --ca-private-key-path <ca_private_key_path>#
Optional explicit path to CA private key file. If absent, CA private key path is derived from ca_dir.
- --ca-dir <ca_dir>#
Certificate Authority directory
- Default:
/home/docs/.local/share/gridworks/ca
- --certs-dir <certs_dir>#
Base storage directory for named certs
- Default:
/home/docs/.local/share/gridworks/ca/certs
- --valid-days <valid_days>#
Number of days issued certificates should be valid for
- Default:
825
- --force#
Overwrites existing certificate file. WARNING: --force will PERMANENTLY DELETE the certificate file for this name.
- Default:
False
Arguments
- NAME#
Required argument
csr#
Create Certificate Signing Request from a private key.
Uses input files, by default named:
$HOME/.local/share/gridworks/ca/certs/name/private/name.pem
Writes a CSR file, by default named:
$HOME/.local/share/gridworks/ca/certs/name/name.csr
Input file can be explicitly named with the --private-key-path parameter. Output file can be explicitly named by passing a path-like string for a “.csr” file to the name parameter.
gwcert key csr [OPTIONS] NAME
Options
- --private-key-path <private_key_path>#
Optional explicit path to private key file. If absent, private key path is derived from csr output path.
- --certs-dir <certs_dir>#
Base storage directory for named certs
- Default:
/home/docs/.local/share/gridworks/ca/certs
- --common-name <common_name>#
Common Name used in certificate. If unspecified, key-name is used.
- Default:
- --dns <dns_names>#
DNS entries
- --force#
Overwrites existing file. WARNING: --force will PERMANENTLY DELETE the CSR file for this name.
- Default:
False
Arguments
- NAME#
Required argument
info#
Show information about a certificate using ‘openssl x509 -in CERTIFICATE_PATH -text -noout’.
gwcert key info [OPTIONS] NAME
Options
- --certs-dir <certs_dir>#
Base storage directory for named certs
- Default:
/home/docs/.local/share/gridworks/ca/certs
- --files#
Show paths of files in directory of certificate.
- Default:
False
Arguments
- NAME#
Required argument
rsa#
Create public/private key pair using RSA.
Writes public and private key files, by default named:
$HOME/.local/share/gridworks/ca/certs/name/name.pub
$HOME/.local/share/gridworks/ca/certs/name/private/name.pem
Output files can be explicitly named by passing a path-like string for a “.pem” file to the name parameter.
gwcert key rsa [OPTIONS] NAME
Options
- --private-key-path <private_key_path>#
Optional explicit path to private key file. If absent, private key path is derived from public key output path.
- --certs-dir <certs_dir>#
Base storage directory for named certs
- Default:
/home/docs/.local/share/gridworks/ca/certs
- --public-exponent <public_exponent>#
The public exponent of the new key. Either 65537 or 3 (for legacy purposes). Almost everyone should use 65537.
- Default:
65537
- --key-size <key_size>#
The length of the modulus in bits. It is strongly recommended to be at least 2048.
- Default:
2048
- --force#
Overwrites existing files. WARNING: --force will PERMANENTLY DELETE the public and private key for this key name.
- Default:
False
Arguments
- NAME#
Required argument
tui#
Visual CLI command builder.
gwcert tui [OPTIONS]