The sign sub-command under the tools cert command creates a private key and a certificate and signs the created certificate with a given Certificate Authority.
containerlab tools cert sign [local-flags]
To set a name under which the certificate and key files will be saved, the --name | -n flag can be used. A name set to mynode will create files
Default value is
A directory path under which the generated files will be placed is set with the --path | -p flag. Defaults to the current working directory.
CA Cert and CA Key
To indicate which CA should sign the certificate request, the command takes paths to the CA certificate and CA key files.
--ca-cert flag sets the path to the CA certificate file.
--ca-key flag sets the path to the CA private key file.
The certificate Common Name (CN) field is set with the --cn flag. Defaults to
To add Subject Alternative Names (SAN), use the --hosts flag, which takes a comma-separated list of SAN values. Users can provide both DNS names and IP addresses, and the values will be placed into the DNS SAN and IP SAN automatically.
The certificate Country (C) field is set with the --c flag. Defaults to
The certificate Locality (L) field is set with the --l flag. Defaults to
The certificate Organization (O) field is set with the --o flag. Defaults to
The certificate Organization Unit (OU) field is set with the --ou flag. Defaults to
# create a private key and certificate and sign the latter
# with the Hosts list of [node.io, 192.168.0.1]
# saving both files under the default name `cert` in the PWD
# and signed by the CA identified by cert ca.pem and key ca-key.pem
containerlab tools cert sign --ca-cert /tmp/ca.pem \
  --ca-key /tmp/ca-key.pem \
  --hosts node.io,192.168.0.1
The generated certificate can be viewed and verified with the openssl tool:
openssl x509 -in ca.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:a7:77:54:e1:2f:47:d6:ca:56:72:e1:d1:d8:c9:0c:e8:46:fd:65
<SNIP>
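
The same verification can be scripted. The following is an added example, not part of containerlab or its documentation: it uses openssl to check that a certificate chains to the given CA and that each value passed to --hosts landed in the DNS or IP SAN as described above. The helper names, the file name cert.pem and the openssl-built sample CA and certificate are constructed assumptions standing in for containerlab's output.

```shell
#!/bin/sh
# check_signed_cert CA_CERT CERT HOST...   (hypothetical helper, not a containerlab command)
# Exit 0 only if CERT chains to CA_CERT and every HOST is present as the right SAN type.
check_signed_cert() (
  ca=$1; cert=$2; shift 2
  # Match the ": OK" result line rather than rely on the exit status alone.
  openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
    { echo "FAIL: $cert is not signed by $ca" >&2; exit 1; }
  # One SAN entry per line, e.g. "DNS:node.io" and "IP Address:192.168.0.1".
  sans=$(openssl x509 -in "$cert" -noout -text |
    awk '/Subject Alternative Name/ { getline; print }' |
    tr ',' '\n' | sed 's/^ *//')
  for h in "$@"; do
    case $h in
      *[!0-9.]*) want="DNS:$h" ;;         # not a dotted quad: expect a DNS SAN
      *)         want="IP Address:$h" ;;  # IPv4 only; IPv6 is not handled here
    esac
    # -x -F: whole-entry literal match, so "node.i" does not pass for "node.io".
    printf '%s\n' "$sans" | grep -qxF "$want" ||
      { echo "FAIL: SAN '$want' missing from $cert" >&2; exit 2; }
  done
)

# make_sample DIR: constructed stand-in for a CA and a certificate signed by it,
# built with openssl so the check runs where containerlab is not installed.
make_sample() (
  cd "$1" || exit 1
  cat > openssl.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = constructed-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
[leaf]
subjectAltName = DNS:node.io,IP:192.168.0.1
EOF
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 1 -config openssl.cnf \
    -keyout ca-key.pem -out ca.pem 2>/dev/null || exit 1
  openssl req -new -newkey rsa:2048 -nodes -config openssl.cnf -subj /CN=node.io \
    -keyout cert-key.pem -out cert.csr 2>/dev/null || exit 1
  openssl x509 -req -in cert.csr -CA ca.pem -CAkey ca-key.pem -set_serial 2 \
    -days 1 -extfile openssl.cnf -extensions leaf -out cert.pem 2>/dev/null
)
tmp=$(mktemp -d)
make_sample "$tmp" && check_signed_cert "$tmp/ca.pem" "$tmp/cert.pem" node.io 192.168.0.1 &&
  echo "OK: signed by CA, SANs present"
rm -rf "$tmp"
```

Against real output, pass the CA certificate given to --ca-cert, the generated certificate file and the same values that were given to --hosts.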