Skip to content

Commit e5dae5b

Browse files
authored
[Doc] Improve doc for certutil parameter applicability (elastic#91124) (elastic#91145)
The http command does not take most of the parameters. This PR ensures it is consistently documented for all parameters.
1 parent 24e7262 commit e5dae5b

File tree

1 file changed

+21
-20
lines changed

1 file changed

+21
-20
lines changed

docs/reference/commands/certutil.asciidoc

Lines changed: 21 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -128,70 +128,71 @@ explains how to use the files.
128128
=== Parameters
129129

130130
`ca`:: Specifies to generate a new local certificate authority (CA). This
131-
parameter cannot be used with the `csr` or `cert` parameters.
131+
parameter cannot be used with the `csr`, `cert` or `http` parameters.
132132

133133
`cert`:: Specifies to generate new X.509 certificates and keys.
134-
This parameter cannot be used with the `csr` or `ca` parameters.
134+
This parameter cannot be used with the `csr`, `ca` or `http` parameters.
135135

136136
`csr`:: Specifies to generate certificate signing requests. This parameter
137-
cannot be used with the `ca` or `cert` parameters.
137+
cannot be used with the `ca`, `cert` or `http` parameters.
138138

139139
`http`:: Generates a new certificate or certificate request for the {es} HTTP
140-
interface.
140+
interface. This parameter cannot be used with the `ca`, `cert` or `csr` parameters.
141141

142142
`--ca <file_path>`:: Specifies the path to an existing CA key pair
143-
(in PKCS#12 format). This parameter cannot be used with the `ca` or `csr` parameters.
143+
(in PKCS#12 format). This parameter is only applicable to the `cert` parameter.
144144

145145
`--ca-cert <file_path>`:: Specifies the path to an existing CA certificate (in
146146
PEM format). You must also specify the `--ca-key` parameter. The `--ca-cert`
147-
parameter cannot be used with the `ca` or `csr` parameters.
147+
parameter is only applicable to the `cert` parameter.
148148

149149
`--ca-dn <name>`:: Defines the _Distinguished Name_ (DN) that is used for the
150150
generated CA certificate. The default value is
151151
`CN=Elastic Certificate Tool Autogenerated CA`. This parameter cannot be used
152-
with the `csr` parameter.
152+
with the `csr` or `http` parameters.
153153

154154
`--ca-key <file_path>`:: Specifies the path to an existing CA private key (in
155155
PEM format). You must also specify the `--ca-cert` parameter. The `--ca-key`
156-
parameter cannot be used with the `ca` or `csr` parameters.
156+
parameter is only applicable to the `cert` parameter.
157157

158158
`--ca-pass <password>`:: Specifies the password for an existing CA private key
159-
or the generated CA private key. This parameter cannot be used with the `ca` or
160-
`csr` parameters.
159+
or the generated CA private key. This parameter is only applicable to the `cert` parameter
161160

162161
`--days <n>`:: Specifies an integer value that represents the number of days the
163162
generated certificates are valid. The default value is `1095`. This parameter
164-
cannot be used with the `csr` parameter.
163+
cannot be used with the `csr` or `http` parameters.
165164

166165
`--dns <domain_name>`:: Specifies a comma-separated list of DNS names. This
167-
parameter cannot be used with the `ca` parameter.
166+
parameter cannot be used with the `ca` or `http` parameters.
168167

169168
`-E <KeyValuePair>`:: Configures a setting.
170169

171170
`-h, --help`:: Returns all of the command parameters.
172171

173172
`--in <input_file>`:: Specifies the file that is used to run in silent mode. The
174-
input file must be a YAML file. This parameter cannot be used with the `ca`
175-
parameter.
173+
input file must be a YAML file. This parameter cannot be used with the `ca` or
174+
`http` parameters.
176175

177176
`--ip <IP_addresses>`:: Specifies a comma-separated list of IP addresses. This
178-
parameter cannot be used with the `ca` parameter.
177+
parameter cannot be used with the `ca` or `http` parameters.
179178

180179
`--keysize <bits>`::
181180
Defines the number of bits that are used in generated RSA keys. The default
182-
value is `2048`.
181+
value is `2048`. This parameter cannot be used with the `http` parameter.
183182

184183
`--multiple`::
185184
Specifies to generate files for multiple instances. This parameter cannot be
186-
used with the `ca` parameter.
185+
used with the `ca` or `http` parameters.
187186

188187
`--name <file_name>`::
189188
Specifies the name of the generated certificate. This parameter cannot be used
190-
with the `ca` parameter.
189+
with the `ca` or `http` parameters.
191190

192-
`--out <file_path>`:: Specifies a path for the output files.
191+
`--out <file_path>`:: Specifies a path for the output files. This parameter
192+
cannot be used with the `http` parameter.
193193

194194
`--pass <password>`:: Specifies the password for the generated private keys.
195+
This parameter cannot be used with the `http` parameters.
195196
+
196197
Keys stored in PKCS#12 format are always password protected, however,
197198
this password may be _blank_. If you want to specify a blank password
@@ -206,7 +207,7 @@ wish to password-protect your PEM keys, then do not specify
206207

207208

208209
`--pem`:: Generates certificates and keys in PEM format instead of PKCS#12. This
209-
parameter cannot be used with the `csr` parameter.
210+
parameter cannot be used with the `csr` or `http` parameters.
210211

211212
`--self-signed`:: Generates self-signed certificates. This parameter is only
212213
applicable to the `cert` parameter.

0 commit comments

Comments
 (0)