This config file will be both read and written to, so it's important to make

The first step is to register your server with your team.

Targets (representing subsets of your servers), you'll also need a target

All parameters can be passed to the registration command, or you can let it

Pass -json to see the whole server structure returned by the API; otherwise, a subset will be printed in human-readable form.

    cloak-server update -name Certificates

Now that the server is registered, you need to provision it. The first step is

    cloak-server req -key /path/to/server-key.pem

If the given key does not exist, one will be generated for you. If it does exist, it must be an RSA key of at least 2048 bits.

If the request is sent successfully, it will appear on your team dashboard. An administrator must approve the request, entering the PKI password, if necessary.

Once the request has been approved, you can download the server certificate along with all associated PKI information:

This will create several files:

anchor.pem: The anchor certificate for the private PKI.

server.pem: The server certificate followed by intermediates.

client_ca.pem: The intermediate that directly signs client certificates.

crl_urls.txt: A text file with URLs to any certificate revocation lists (CRLs) that we

The response to the PKI request includes a value that we can use to detect changes, similar to an ETag. This tag is saved to our config file and sent in

To check for PKI changes, you can periodically

    cloak-server pki -out /path/to/pki/ -post-hook cloak-pki-updated.sh