1197b43c7b
* Support Connect CAs that can't cross sign * revert spurios mod changes from make tools * Add log warning when forcing CA rotation * Fixup SupportsCrossSigning to report errors and work with Plugin interface (fixes tests) * Fix failing snake_case test * Remove misleading comment * Revert "Remove misleading comment" This reverts commit bc4db9cabed8ad5d0e39b30e1fe79196d248349c. * Remove misleading comment * Regen proto files messed up by rebase
90 lines
2.3 KiB
Plaintext
90 lines
2.3 KiB
Plaintext
---
|
|
layout: "docs"
|
|
page_title: "Commands: Connect CA"
|
|
sidebar_current: "docs-commands-connect-ca"
|
|
description: >
|
|
The connect CA subcommand is used to view and modify the Connect Certificate
|
|
Authority (CA) configuration.
|
|
---
|
|
|
|
# Consul Connect Certificate Authority (CA)
|
|
|
|
Command: `consul connect ca`
|
|
|
|
The CA connect command is used to interact with Consul Connect's Certificate Authority
|
|
subsystem. The command can be used to view or modify the current CA configuration. See the
|
|
[Connect CA documentation](/docs/connect/ca.html) for more information.
|
|
|
|
```text
|
|
Usage: consul connect ca <subcommand> [options] [args]
|
|
|
|
This command has subcommands for interacting with Consul Connect's
|
|
Certificate Authority (CA).
|
|
|
|
Here are some simple examples, and more detailed examples are available
|
|
in the subcommands or the documentation.
|
|
|
|
Get the configuration:
|
|
|
|
$ consul connect ca get-config
|
|
|
|
Update the configuration:
|
|
|
|
$ consul connect ca set-config -config-file ca.json
|
|
|
|
For more examples, ask for subcommand help or view the documentation.
|
|
|
|
Subcommands:
|
|
get-config Display the current Connect Certificate Authority (CA) configuration
|
|
set-config Modify the current Connect CA configuration
|
|
```
|
|
|
|
## get-config
|
|
|
|
This command displays the current CA configuration.
|
|
|
|
Usage: `consul connect ca get-config [options]`
|
|
|
|
#### API Options
|
|
|
|
<%= partial "docs/commands/http_api_options_client" %>
|
|
<%= partial "docs/commands/http_api_options_server" %>
|
|
|
|
The output looks like this:
|
|
|
|
```
|
|
{
|
|
"Provider": "consul",
|
|
"Config": {},
|
|
"CreateIndex": 5,
|
|
"ModifyIndex": 197
|
|
}
|
|
```
|
|
|
|
## set-config
|
|
|
|
Modifies the current CA configuration. If this results in a new root certificate
|
|
being used, the [Root Rotation](/docs/connect/ca.html#root-certificate-rotation) process
|
|
will be triggered.
|
|
|
|
Usage: `consul connect ca set-config [options]`
|
|
|
|
#### API Options
|
|
|
|
<%= partial "docs/commands/http_api_options_client" %>
|
|
<%= partial "docs/commands/http_api_options_server" %>
|
|
|
|
#### Command Options
|
|
|
|
* `-config-file` - (required) Specifies a JSON-formatted file to use for the new configuration.
|
|
The format of this config file matches the request payload documented in the
|
|
[Update CA Configuration API](/api/connect/ca.html#update-ca-configuration).
|
|
|
|
The output looks like this:
|
|
|
|
```
|
|
Configuration updated!
|
|
```
|
|
|
|
The return code will indicate success or failure.
|