github.com/sl1pm4t/consul@v1.4.5-0.20190325224627-74c31c540f9c/website/source/docs/commands/tls/cert.html.md.erb (about) 1 --- 2 layout: "docs" 3 page_title: "Commands: TLS Cert Create" 4 sidebar_current: "docs-commands-tls-cert" 5 --- 6 7 # Consul TLS Cert Create 8 9 Command: `consul tls cert create` 10 11 The `tls cert create` command is used to create certificates for your Consul TLS 12 setup. 13 14 ## Examples 15 16 Create a certificate for servers: 17 18 ```bash 19 $ consul tls cert create -server 20 ==> WARNING: Server Certificates grants authority to become a 21 server and access all state in the cluster including root keys 22 and all ACL tokens. Do not distribute them to production hosts 23 that are not server nodes. Store them as securely as CA keys. 24 ==> Using consul-ca.pem and consul-ca-key.pem 25 ==> Saved consul-server-dc1-0.pem 26 ==> Saved consul-server-dc1-0-key.pem 27 ``` 28 29 Create a certificate for clients: 30 31 ```bash 32 $ consul tls cert create -client 33 ==> Using consul-ca.pem and consul-ca-key.pem 34 ==> Saved consul-client-0.pem 35 ==> Saved consul-client-0-key.pem 36 ``` 37 38 Create a certificate for cli: 39 40 ```bash 41 $ consul tls cert create -cli 42 ==> Using consul-ca.pem and consul-ca-key.pem 43 ==> Saved consul-cli-0.pem 44 ==> Saved consul-cli-0-key.pem 45 ``` 46 ## Usage 47 48 Usage: `consul tls cert create [filename-prefix] [options]` 49 50 #### TLS Cert Create Options 51 52 - `-additional-dnsname=<string>` - Provide additional dnsname for Subject Alternative Names. 53 54 - `-ca=<string>` - Provide path to the ca 55 56 - `-cli` - Generate cli certificate 57 58 - `-client` - Generate client certificate 59 60 - `-days=<int>` - Provide number of days the certificate is valid for from now on. 61 62 - `-dc=<string>` - Provide the datacenter. Matters only for -server certificates 63 64 - `-domain=<string>` - Provide the domain. Matters only for -server certificates 65 66 - `-key=<string>` - Provide path to the key 67 68 - `-server` - Generate server certificate