Page MenuHomeVyOS Platform

Add op mode commands for displaying certificate details and fingerprints
Closed, ResolvedPublic

Description

Right now, run show pki certificate can only show only very basic certificate information:

vyos@vyos-test# run show pki certificate test.example.com 
Certificates:
Name              Type    Subject CN    Issuer CN    Issued               Expiry               Revoked    Private Key    CA Present
----------------  ------  ------------  -----------  -------------------  -------------------  ---------  -------------  ------------
test.example.com  Server  CN=vyos.io    CN=vyos.io   2023-06-07 18:24:46  2024-06-06 18:24:46  No         Yes            No

There is no information about algorithms or anything else. There is also no quick way to get a fingerprint, which will be required when we add support for fingerprint validation (T5269).

We should add two new commands:

  • run show pki certificate <cn> detail — equivalent to openssl x509 -text -noout
  • run show pki certificate <cn> fingerprint <hash> — equivalent to openssl x509 -fingerprint -<hash> -noout.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Improvement (missing useful functionality)