Right now, run show pki certificate can only show only very basic certificate information:
vyos@vyos-test# run show pki certificate test.example.com Certificates: Name Type Subject CN Issuer CN Issued Expiry Revoked Private Key CA Present ---------------- ------ ------------ ----------- ------------------- ------------------- --------- ------------- ------------ test.example.com Server CN=vyos.io CN=vyos.io 2023-06-07 18:24:46 2024-06-06 18:24:46 No Yes No
There is no information about algorithms or anything else. There is also no quick way to get a fingerprint, which will be required when we add support for fingerprint validation (T5269).
We should add two new commands:
- run show pki certificate <cn> detail — equivalent to openssl x509 -text -noout
- run show pki certificate <cn> fingerprint <hash> — equivalent to openssl x509 -fingerprint -<hash> -noout.