# vhsm pki

This command allows you to manage and interact with the PKI Secrets Engine in vHSM. It includes functionalities such as checking PKI mount health, issuing certificates, verifying signatures, and managing certificate chains.

### **Usage**

```shell
vhsm pki <subcommand> [options] [args]
```

The `vhsm pki` command provides subcommands for interacting with vHSM’s PKI Secrets Engine.

For detailed usage of each subcommand, use:

```shell
vhsm pki <subcommand> --help
```

### **Examples**

Check the health of a PKI mount:

```shell
vhsm pki health-check pki
```

### **Subcommands**

| Subcommand                                                                                               | Description                                                                                    |
| -------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------- |
| [`health-check`](/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-health-check.md)             | Checks the health and operational status of a PKI Secrets Engine mount.                        |
| [`issue`](/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-issue.md)                           | Generates an issuer on a specified mount using a parent certificate and generation parameters. |
| [`list-intermediates`](/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-list-intermediates.md) | Determines which certificates in a list were issued by a given parent certificate.             |
| [`reissue`](/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-reissue.md)                       | Creates a new issuer on a child mount using a parent certificate and a template certificate.   |
| [`verify-sign`](/virtual-hsm/cli/security-and-encryption/vhsm-pki/vhsm-pki-verify-sign.md)               | Checks whether one certificate validates another specified certificate.                        |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enclaive.cloud/virtual-hsm/cli/security-and-encryption/vhsm-pki.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.