docs: update the 'consul tls' command docs to match the current flags (#7911)

R.B. Boyer 2020-05-18 12:01:14 -05:00 committed by GitHub
parent 8e1e39e6eb
commit 228284758b
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 10 deletions

@ -26,4 +26,17 @@ Usage: `consul tls ca create [filename-prefix] [options]`
#### TLS CA Create Options #### TLS CA Create Options
- `-additional-name-constraint=<value>` - Add name constraints for the CA.
Results in rejecting certificates for other DNS than specified. Can be used
multiple times. Only used in combination with `-name-constraint`.
- `-days=<int>` - Provide number of days the CA is valid for from now on, defaults to 5 years. - `-days=<int>` - Provide number of days the CA is valid for from now on, defaults to 5 years.
- `-domain=<string>` - Domain of consul cluster. Only used in combination with
`-name-constraint`. Defaults to `consul`.
- `-name-constraint` - Add name constraints for the CA. Results in rejecting
certificates for other DNS than specified. If turned on localhost and -domain
will be added to the allowed DNS. If the UI is going to be served over HTTPS
its DNS has to be added with `-additional-constraint`. It is not possible to
add that after the fact! Defaults to false.
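Review bot: the `-name-constraint` entry tells the reader to add the UI's DNS name with `-additional-constraint`, but the flag documented at the top of this list is `-additional-name-constraint`; the two names should match. The same entry says the constraint cannot be added after the fact, so a reader who follows the wrong name has to recreate the CA to fix it. The `-additional-name-constraint` entry also repeats the `-name-constraint` sentence ("Results in rejecting certificates for other DNS than specified") without saying that its value is a DNS name added to the allowed set, which is what the `-name-constraint` text implies; suggest wording it that way and noting that `localhost` and the `-domain` value are already included.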

@ -50,22 +50,34 @@ Usage: `consul tls cert create [filename-prefix] [options]`
#### TLS Cert Create Options #### TLS Cert Create Options
- `-additional-dnsname=<string>` - Provide additional dnsname for Subject Alternative Names. - `-additional-dnsname=<string>` - Provide an additional dnsname for Subject
Alternative Names. localhost is always included. This flag may be provided
multiple times.
- `-additional-ipaddress=<string>` - Provide additional ipaddress for Subject Alternative Names. - `-additional-ipaddress=<string>` - Provide an additional ipaddress for
Subject Alternative Names. `127.0.0.1` is always included. This flag may be
provided multiple times.
- `-ca=<string>` - Provide path to the ca - `-ca=<string>` - Provide path to the ca. Defaults to `#DOMAIN#-agent-ca.pem`.
- `-cli` - Generate cli certificate - `-cli` - Generate cli certificate.
- `-client` - Generate client certificate - `-client` - Generate client certificate.
- `-days=<int>` - Provide number of days the certificate is valid for from now on. - `-days=<int>` - Provide number of days the certificate is valid for from now
on. Defaults to 1 year.
- `-dc=<string>` - Provide the datacenter. Matters only for -server certificates - `-dc=<string>` - Provide the datacenter. Matters only for `-server`
certificates. Defaults to `dc1`.
- `-domain=<string>` - Provide the domain. Matters only for -server certificates - `-domain=<string>` - Provide the domain. Matters only for `-server`
certificates.
- `-key=<string>` - Provide path to the key - `-key=<string>` - Provide path to the key. Defaults to
`#DOMAIN#-agent-ca-key.pem`.
- `-server` - Generate server certificate - `-node=<string>` - When generating a server cert and this is set an
additional dns name is included of the form
`<node>.server.<datacenter>.<domain>`.
- `-server` - Generate server certificate.
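Review bot: in the `-key` entry, "Provide path to the key" does not say which key is meant, and the new default `#DOMAIN#-agent-ca-key.pem` shows that it is the CA's private key rather than the key of the certificate being created; suggest "Provide path to the CA key" so it reads in parallel with `-ca`. The `#DOMAIN#` placeholder used in both defaults is not explained anywhere in the list, and the `-domain` entry still states no default even though `-dc` and `-days` now do, so a reader cannot work out the actual default file names from this page. In the `-node` entry a comma after "is set" would make the sentence easier to parse.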