The tedge cert command
tedge cert
Create and manage device certificate
Usage: tedge cert [OPTIONS] <COMMAND>
Commands:
create Create a self-signed device certificate
create-csr Create a certificate signing request
create-key-hsm Generate a new keypair on the PKCS #11 token and select it to be used
renew Renew the device certificate
needs-renewal Check if the device certificate has to be renewed
show Show the device certificate, if any
remove Remove the device certificate
upload Upload the device certificate to the cloud
download Request and download the device certificate
help Print this message or the help of the given subcommand(s)
Options:
--config-dir <CONFIG_DIR>
[env: TEDGE_CONFIG_DIR, default: /etc/tedge]
--debug
Turn-on the DEBUG log level.
If off only reports ERROR, WARN, and INFO, if on also reports DEBUG
--log-level <LOG_LEVEL>
Configures the logging level.
One of error/warn/info/debug/trace. Logs with verbosity lower or equal to the selected level will be printed, i.e. warn prints ERROR and WARN logs and trace prints logs of all levels.
Overrides `--debug`
-h, --help
Print help (see a summary with '-h')
Create​
tedge cert create
Create a self-signed device certificate.
This command creates the device certificate and private key, and persists them, if they don't already exist.
If thin-edge is configured to use private key from an HSM (see https://thin-edge.github.io/thin-edge.io/references/hsm-support), the key needs to be present on the token (see `tedge cert create-key-hsm` command if you need to create it) and selected. After invoking the command, only the new certificate will be persisted.
Usage: tedge cert create [OPTIONS] [COMMAND]
Commands:
c8y
az
aws
help Print this message or the help of the given subcommand(s)
Options:
--config-dir <CONFIG_DIR>
[env: TEDGE_CONFIG_DIR, default: /etc/tedge]
--device-id <ID>
The device identifier to be used as the common name for the certificate
--debug
Turn-on the DEBUG log level.
If off only reports ERROR, WARN, and INFO, if on also reports DEBUG
--log-level <LOG_LEVEL>
Configures the logging level.
One of error/warn/info/debug/trace. Logs with verbosity lower or equal to the selected level will be printed, i.e. warn prints ERROR and WARN logs and trace prints logs of all levels.
Overrides `--debug`
-h, --help
Print help (see a summary with '-h')
Create-csr​
tedge cert create-csr
Create a certificate signing request
Usage: tedge cert create-csr [OPTIONS] [COMMAND]
Commands:
c8y
az
aws
help Print this message or the help of the given subcommand(s)
Options:
--config-dir <CONFIG_DIR>
[env: TEDGE_CONFIG_DIR, default: /etc/tedge]
--device-id <ID>
The device identifier to be used as the common name for the certificate
--debug
Turn-on the DEBUG log level.
If off only reports ERROR, WARN, and INFO, if on also reports DEBUG
--output-path <OUTPUT_PATH>
Path where a Certificate signing request will be stored
--log-level <LOG_LEVEL>
Configures the logging level.
One of error/warn/info/debug/trace. Logs with verbosity lower or equal to the selected level will be printed, i.e. warn prints ERROR and WARN logs and trace prints logs of all levels.
Overrides `--debug`
-h, --help
Print help (see a summary with '-h')
Show​
tedge cert show
Show the device certificate, if any
Usage: tedge cert show [OPTIONS] [COMMAND]
Commands:
c8y
az
aws
help Print this message or the help of the given subcommand(s)
Options:
--cert-path <CERT_PATH>
Path to the certificate - default to the configured device certificate
--config-dir <CONFIG_DIR>
[env: TEDGE_CONFIG_DIR, default: /etc/tedge]
--debug
Turn-on the DEBUG log level.
If off only reports ERROR, WARN, and INFO, if on also reports DEBUG
--new
Show the new certificate, if any, instead of the current one
--log-level <LOG_LEVEL>
Configures the logging level.
One of error/warn/info/debug/trace. Logs with verbosity lower or equal to the selected level will be printed, i.e. warn prints ERROR and WARN logs and trace prints logs of all levels.
Overrides `--debug`
-h, --help
Print help (see a summary with '-h')
Remove​
tedge cert remove
Remove the device certificate
Usage: tedge cert remove [OPTIONS] [COMMAND]
Commands:
c8y
az
aws
help Print this message or the help of the given subcommand(s)
Options:
--config-dir <CONFIG_DIR>
[env: TEDGE_CONFIG_DIR, default: /etc/tedge]
--debug
Turn-on the DEBUG log level.
If off only reports ERROR, WARN, and INFO, if on also reports DEBUG
--log-level <LOG_LEVEL>
Configures the logging level.
One of error/warn/info/debug/trace. Logs with verbosity lower or equal to the selected level will be printed, i.e. warn prints ERROR and WARN logs and trace prints logs of all levels.
Overrides `--debug`
-h, --help
Print help (see a summary with '-h')
Upload​
tedge cert upload
Upload the device certificate to the cloud
If the device certificate has been renewed, then the new certificate is uploaded.
Usage: tedge cert upload [OPTIONS] <COMMAND>
Commands:
c8y Upload root certificate to Cumulocity
help Print this message or the help of the given subcommand(s)
Options:
--config-dir <CONFIG_DIR>
[env: TEDGE_CONFIG_DIR, default: /etc/tedge]
--debug
Turn-on the DEBUG log level.
If off only reports ERROR, WARN, and INFO, if on also reports DEBUG
--log-level <LOG_LEVEL>
Configures the logging level.
One of error/warn/info/debug/trace. Logs with verbosity lower or equal to the selected level will be printed, i.e. warn prints ERROR and WARN logs and trace prints logs of all levels.
Overrides `--debug`
-h, --help
Print help (see a summary with '-h')