vhsm pki issue
Learn to create an intermediate certificate authority (CA) certificate.
The vhsm pki issue command creates an intermediate certificate authority (CA) certificate signed by the <parent> CA and stores it in the <child_mount>. The available options define the fields of the newly created certificate.
Usage
<parent>: The fully qualified path of the Certificate Authority (CA) in vHSM that will issue the new intermediate certificate.
<child_mount>: The path of the mount in vHSM where the new issuer will be stored.
[flags]: Optional arguments described below.
[options]: A set of key=value options that control certificate generation. These options correspond to parameters used in generate-intermediate-csr and sign-intermediate. At least one option must be provided.
Flags
-type (default: "internal"): Determines the key type for the newly created certificate. Possible values: "existing" (link to an existing key in the vHSM backend, requires key_ref), "internal" (generate a new key), or "kms" (use an external key). Exported keys are not available through this API.
-issuer_name (default: "", empty): Specifies a name for the newly created issuer.
Options
In addition to -type, this command accepts all options supported by the Generate CSR and Sign Intermediate API endpoints. These options define the properties of the issued certificate.
Required API Access
To execute this command, the vHSM user must have permissions for the following API endpoints:
READ /:parent - Validates the parent certificate.
WRITE /:child_mount/intermediate/generate/:type - Generates the Certificate Signing Request (CSR).
WRITE /:parent/sign-intermediate - Signs the CSR.
WRITE /:child_mount/issuers/import/cert - Imports the new issuer and issuer chain.
UPDATE /:child_mount/issuer/:issuer_refs - Assigns a name to the new issuer and sets its parent in the issuer chain.
READ /:child_mount/issuer/:new_issuer_ref - Verifies completion and generates the output.
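The following pre-flight check is an added example, not part of the vHSM documentation or tooling: it expands the endpoint templates listed above for a given <parent>, <child_mount> and -type, and reports which ones a role's grants do not cover. The grants model (a glob path pattern mapped to a set of verbs), the function names, and the sample paths pki_root/issuer/root and pki_int are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Verbs and endpoint templates exactly as listed under "Required API Access".
REQUIRED = [
    ("READ", "/:parent"),
    ("WRITE", "/:child_mount/intermediate/generate/:type"),
    ("WRITE", "/:parent/sign-intermediate"),
    ("WRITE", "/:child_mount/issuers/import/cert"),
    ("UPDATE", "/:child_mount/issuer/:issuer_refs"),
    ("READ", "/:child_mount/issuer/:new_issuer_ref"),
]


def expand(template, values):
    """Fill :name segments; names not known before the run become '*'."""
    segments = template.strip("/").split("/")
    filled = [values.get(s[1:], "*") if s.startswith(":") else s for s in segments]
    return "/" + "/".join(filled)


def missing_access(grants, parent, child_mount, key_type="internal"):
    """Return the required (verb, path) pairs that `grants` does not cover.

    `grants` maps a glob path pattern to a set of verbs. This is a
    hypothetical model for the example, not vHSM's policy syntax.
    """
    values = {"parent": parent.strip("/"),
              "child_mount": child_mount.strip("/"),
              "type": key_type}
    missing = []
    for verb, template in REQUIRED:
        path = expand(template, values)
        if not any(verb in verbs and fnmatchcase(path, pattern)
                   for pattern, verbs in grants.items()):
            missing.append((verb, path))
    return missing


# Constructed sample role: the sign-intermediate grant on the parent was left
# out, and CSR generation is pinned to -type internal.
SAMPLE_GRANTS = {
    "/pki_root/issuer/root": {"READ"},
    "/pki_int/intermediate/generate/internal": {"WRITE"},
    "/pki_int/issuers/import/cert": {"WRITE"},
    "/pki_int/issuer/*": {"READ", "UPDATE"},
}

if __name__ == "__main__":
    for verb, path in missing_access(SAMPLE_GRANTS, "pki_root/issuer/root", "pki_int"):
        print("missing:", verb, path)
```

Because the key type is a segment of the generate endpoint path, a role pinned to one -type value fails this check for the others.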
Example
Output