Search
Varnish Controller
Introduction Changelog Known Issues Upgrading Deprecation Version 6 Version 5 Version 4 Version 3 Version 2 Version 1 Versioning License Features System Overview Demo Concepts Agent Router RoutingRules Tag VCL Domain Deployment Certificates Roles VCLGroup Deployment Types API Logs Private/Shared Config/ConfigSets Authentication System Admin Regular Users Identity Provider Sessions Examples Authorization Organization Account Permission Examples CLI CLI Examples CLI Manual User Interface API API examples Invalidations Integrations Varnish Statistics Installation Quickstart NATS PostgreSQL Brainz API-GW Agents Routers Containers Identity Provider VCLI Graphical User Interface Mapped Ports Routing Plugins gRPC FAQ Examples Deploying VCL files Change a VCL file Purging multiple paths Banning paths Using Labels Certificates HTTP Routing Routing Decisions Private Agents Debugging Multiple Regions OIDC - Microsoft Entra (Azure AD) Staged Deployment Drain Traffic Config/ConfigSet Organizations

vcli certificates

Handle certificates

Synopsis

Handle TLS certificates, such as listing, add, delete or update.

Examples:

vcli certificate list
vcli certificate ls -f id=1
vcli certificate ls -f name="MyCertificate*"
vcli certificate add mycert --cert /path/to/certificate.pem --key /path/to/private-key.pem --database
vcli certificate add mycert --cert /path/on/server/certificate.pem --key /path/on/server/private-key.pem --disk
vcli certificate add mycert --cert /path/to/concatenated.pem --database
vcli certificate update 1 --cert /path/to/certificate.pem --key /path/to/private-key.pem --database
vcli certificate update 1 --cert /path/on/server/certificate.pem --key /path/on/server/private-key.pem --disk
vcli certificate update 1 --cert /path/to/concatenated.pem --database
vcli certificate update 1 --name newname
vcli certificate delete 1
vcli certificate inspect 1

Options for certificate storage:

–database/–disk are options that determine where and how the certificates are stored and managed.

–database Option:

Certificate and key will be stored in the database. Once stored, 
users can't directly access the certificate and private key; only the certificate context 
with details like expiration dates, SANs and configuration is available.

–disk Option:

Only the certificate and key paths are stored in the database. 
During deployment, the agent or router will search for the certificate 
at the specified absolute path, which the component needs access to. 
This approach is more passive, as the controller will not retrieve 
the certificate content, and therefore, it will not have access 
to the certificate context, including details such as Expiry, SANs, etc. 
In vcli, all certificate fields will be displayed as "Unmanaged."

Any changes made to the certificate source on disk will be recognized 
by the agent or router. The updated certificate will be used 
immediately for incoming connections.

Options

  -h, --help   help for certificates

Options inherited from parent commands

  -c, --config string   configuration file for the CLI (default ~/.vcli.yml)
                        Could also be set via VARNISH_CONTROLLER_CLI_CONFIG=/path/to/config.yml
      --csv             Output the response table as CSV format.
  -j, --json            Output the response table as JSON format.

SEE ALSO

Manuals
Varnish Enterprise
Varnish Cloud
Varnish Controller
Varnish High Availability
Varnish Custom Statistics
Varnish WAF
Varnish Broadcaster
Varnish Helm Chart
Packages
Docker
News
Varnish Enterprise 6.0.13r9
Varnish Controller 6.6.0
Varnish Enterprise 6.0.13r8
Varnish Helm Chart 1.6.1
Varnish Controller 6.5.0
News archive
Cookie Settings Privacy Policy Contact Us Press Branding
®Varnish Software, Wallingatan 12, 111 60 Stockholm, Organization nr. 556805-6203