
Add operational commands to display PKI private keys and certificate bundles in PEM format
Open, Requires assessment | Public | FEATURE REQUEST

Description

Summary

Add operational commands to display PKI private keys and certificate bundles in PEM format

Use case

The OpenConnect client requires a private key in addition to the certificate. Currently, VyOS provides operational commands to display CA and certificates in PEM format, for example:

show pki ca <name> pem
show pki certificate <name> pem

It would be useful to add a system option to:

  • display a private key in PEM format
  • display a bundled PEM (certificate + private key)

Additional information

private key in PEM

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
show pki certificate <name> private-key pem

bundled PEM (certificate + private key)

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
show pki certificate <name> bundled pem

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)
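
The bundled layout requested above (private key block followed by certificate block) can be split and checked for secret material before it is logged or stored. This is an added example, not VyOS code; the function names and the sample bundle are assumptions made for illustration.

```python
import re

# RFC 7468 textual encoding: BEGIN/END lines carrying a matching label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)
# Labels that carry secret key material (PKCS#8, encrypted PKCS#8, PKCS#1, SEC1).
PRIVATE_LABELS = {
    "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
}

def split_bundle(text):
    """Return [(label, base64_body), ...] in the order the blocks appear."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]

def has_private_key(text):
    """True if any block in the text is labelled as a private key."""
    return any(label in PRIVATE_LABELS for label, _ in split_bundle(text))

def redact_private_keys(text):
    """Keep certificates intact, replace private key bodies before logging."""
    def _sub(m):
        label = m.group(1)
        if label not in PRIVATE_LABELS:
            return m.group(0)
        return f"-----BEGIN {label}-----\n[REDACTED]\n-----END {label}-----"
    return PEM_BLOCK.sub(_sub, text)

# Constructed sample in the bundle layout shown above (key first, then certificate).
# The base64 bodies are placeholders, not real key or certificate data.
SAMPLE_BUNDLE = """-----BEGIN PRIVATE KEY-----
QUJDREVGR0hJSktMTU5PUA==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
UVJTVFVWV1hZWjAxMjM0NQ==
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    print([label for label, _ in split_bundle(SAMPLE_BUNDLE)])
    print(redact_private_keys(SAMPLE_BUNDLE))
```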

Event Timeline

a.pidnebesny renamed this task from Add operation commands for display PKI private key in PEM foramt to Add operational commands to display PKI private keys and certificate bundles in PEM format.

Technically, this will be a security issue.
Only users with admin/root rights should be able to view and check all certificates/private keys, etc.