docs: update the 'consul tls' command docs to match the current flags (#7911)
This commit is contained in:
parent
7574dacabc
commit
694a6c03e5
|
@ -26,4 +26,17 @@ Usage: `consul tls ca create [filename-prefix] [options]`
|
||||||
|
|
||||||
#### TLS CA Create Options
|
#### TLS CA Create Options
|
||||||
|
|
||||||
|
- `-additional-name-constraint=<value>` - Add name constraints for the CA.
|
||||||
|
Results in rejecting certificates for other DNS than specified. Can be used
|
||||||
|
multiple times. Only used in combination with `-name-constraint`.
|
||||||
|
|
||||||
- `-days=<int>` - Provide number of days the CA is valid for from now on, defaults to 5 years.
|
- `-days=<int>` - Provide number of days the CA is valid for from now on, defaults to 5 years.
|
||||||
|
|
||||||
|
- `-domain=<string>` - Domain of consul cluster. Only used in combination with
|
||||||
|
`-name-constraint`. Defaults to `consul`.
|
||||||
|
|
||||||
|
- `-name-constraint` - Add name constraints for the CA. Results in rejecting
|
||||||
|
certificates for other DNS than specified. If turned on localhost and -domain
|
||||||
|
will be added to the allowed DNS. If the UI is going to be served over HTTPS
|
||||||
|
its DNS has to be added with `-additional-constraint`. It is not possible to
|
||||||
|
add that after the fact! Defaults to false.
|
||||||
|
|
|
@ -50,22 +50,34 @@ Usage: `consul tls cert create [filename-prefix] [options]`
|
||||||
|
|
||||||
#### TLS Cert Create Options
|
#### TLS Cert Create Options
|
||||||
|
|
||||||
- `-additional-dnsname=<string>` - Provide additional dnsname for Subject Alternative Names.
|
- `-additional-dnsname=<string>` - Provide an additional dnsname for Subject
|
||||||
|
Alternative Names. localhost is always included. This flag may be provided
|
||||||
|
multiple times.
|
||||||
|
|
||||||
- `-additional-ipaddress=<string>` - Provide additional ipaddress for Subject Alternative Names.
|
- `-additional-ipaddress=<string>` - Provide an additional ipaddress for
|
||||||
|
Subject Alternative Names. `127.0.0.1` is always included. This flag may be
|
||||||
|
provided multiple times.
|
||||||
|
|
||||||
- `-ca=<string>` - Provide path to the ca
|
- `-ca=<string>` - Provide path to the ca. Defaults to `#DOMAIN#-agent-ca.pem`.
|
||||||
|
|
||||||
- `-cli` - Generate cli certificate
|
- `-cli` - Generate cli certificate.
|
||||||
|
|
||||||
- `-client` - Generate client certificate
|
- `-client` - Generate client certificate.
|
||||||
|
|
||||||
- `-days=<int>` - Provide number of days the certificate is valid for from now on.
|
- `-days=<int>` - Provide number of days the certificate is valid for from now
|
||||||
|
on. Defaults to 1 year.
|
||||||
|
|
||||||
- `-dc=<string>` - Provide the datacenter. Matters only for -server certificates
|
- `-dc=<string>` - Provide the datacenter. Matters only for `-server`
|
||||||
|
certificates. Defaults to `dc1`.
|
||||||
|
|
||||||
- `-domain=<string>` - Provide the domain. Matters only for -server certificates
|
- `-domain=<string>` - Provide the domain. Matters only for `-server`
|
||||||
|
certificates.
|
||||||
|
|
||||||
- `-key=<string>` - Provide path to the key
|
- `-key=<string>` - Provide path to the key. Defaults to
|
||||||
|
`#DOMAIN#-agent-ca-key.pem`.
|
||||||
|
|
||||||
- `-server` - Generate server certificate
|
- `-node=<string>` - When generating a server cert and this is set an
|
||||||
|
additional dns name is included of the form
|
||||||
|
`<node>.server.<datacenter>.<domain>`.
|
||||||
|
|
||||||
|
- `-server` - Generate server certificate.
|
||||||
|
|
Loading…
Reference in New Issue