Add certificate extract command for conversion between P12, PEM, and DER #589
Conversation
github-actions
bot
added
the
needs triage
|
@maraino @z8674558 I've reviewed and generally everything looks good to me. I committed some grammar / documentation changes on top. The only additional question / comment I have is whether we should use Maybe our answer to the above is that we always use the same encryption on the output as was used on the input, but then there's no need for |
@maraino Doesn't that contradict what we laid out here: #574 (comment)? |
github-actions
bot
added
the
needs triage
| Convert a .p12 file to a certificate and private key: | ||
|
|
||
| ''' | ||
| $ step certificate format foo.p12 --crt foo.crt --key foo.key --format pem | ||
| ''' | ||
|
|
||
| Convert a .p12 file to a certificate, private key and intermediate certificates: | ||
|
|
||
| ''' | ||
| $ step certificate format foo.p12 --crt foo.crt --key foo.key --ca intermediate.crt --format pem | ||
| ''' |
There was a problem hiding this comment.
It looks like if the flag --format is not passed it will write PEM files, as it should be. We should show this in one of these two examples, explaining that is the default behavior.
|
|
||
| // If format is PEM or DER (not P12) then an input certificate file is required. | ||
| if format != "p12" { | ||
| return errors.Errorf("flag --format with value '%s' requires a certificate file as positional argument", format) |
There was a problem hiding this comment.
Commands like these will stop working:
$ cat cert.pem | step certificate format
... der data ...
$ cat cert.der | step certificate format
... pem data ...
Original PR #574