hub / github.com/saltstack/salt / create_certificate

Function create_certificate

salt/client/ssh/wrapper/ssh_pki.py:51–204

Create an OpenSSH certificate and return an encoded version of it.

Note: All parameters that take a public key or private key can be specified either as a string or a path to a local file encoded for OpenSSH.

(
    ca_server=None,
    signing_policy=None,
    path=None,
    overwrite=False,
    raw=False,
    **kwargs,
)

Source from the content-addressed store, hash-verified

def create_certificate(
    ca_server=None,
    signing_policy=None,
    path=None,
    overwrite=False,
    raw=False,
    **kwargs,
):
    """
    Create an OpenSSH certificate and return an encoded version of it.

    .. note::

        All parameters that take a public key or private key
        can be specified either as a string or a path to a
        local file encoded for OpenSSH.

    CLI Example:

    .. code-block:: bash

        salt-ssh '*' ssh_pki.create_certificate private_key=/root/.ssh/id_rsa signing_private_key='/etc/pki/ssh/myca.key'

    ca_server
        Request a remotely signed certificate from another minion acting as
        a CA server. For this to work, a ``signing_policy`` must be specified,
        and that same policy must be configured on the ca_server. See `Signing policies`_
        for details. Also, the Salt master must permit peers to call the
        ``sign_remote_certificate`` function, see `Peer communication`_.

    signing_policy
        The name of a configured signing policy. Parameters specified in there
        are hardcoded and cannot be overridden. This is required for remote signing,
        otherwise optional. See `Signing policies`_ for details.

    copypath
        Create a copy of the issued certificate in this directory.
        The file will be named ``<serial_number>.crt``.

    path
        Instead of returning the certificate, write it to this file path.

    overwrite
        If ``path`` is specified and the file exists, do not overwrite it.
        Defaults to false.

    raw
        Return the encoded raw bytes instead of a string. Defaults to false.

    cert_type
        The certificate type to generate. Either ``user`` or ``host``.
        Required if not specified in the signing policy.

    private_key
        The private key corresponding to the public key the certificate should
        be issued for. Either this or ``public_key`` is required.

    private_key_passphrase

Callers

nothing calls this directly

Calls 4

SaltInvocationError · Class · 0.90
items · Method · 0.45

Tested by

no test coverage detected