Skip to main content

tcld generate-certificates command reference

The tcld generate-certificates commands generate certificate authority (CA) and end-entity TLS certificates for Temporal Cloud.

Alias: gen

tcld generate-certificates certificate-authority-certificate

The tcld generate-certificates certificate-authority-certificate command generates certificate authority (CA) certificates for Temporal Cloud.

tcld generate-certificates certificate-authority-certificate <modifiers>

Alias: ca

The following modifiers control the behavior of the command.

--organization

Specify an organization name for certificate generation.

Alias: --org

Example

tcld generate-certificates certificate-authority-certificate --organization <value>

--validity-period

Specify the duration for which the certificate is valid. Format values as d/h (for example, 30d10h for a certificate lasting 30 days and 10 hours).

Alias: -d

Example

tcld generate-certificates certificate-authority-certificate --validity-period <value>

--ca-certificate-file

Specify a path to a .pem file where the generated X.509 certificate file will be stored.

Alias: --ca-cert

Example

tcld generate-certificates certificate-authority-certificate --ca-certificate-file <path>

--ca-key-file

Specify a path to a .key file where the certificate's private key will be stored.

Alias: --ca-key

Example

tcld generate-certificates certificate-authority-certificate --ca-key-file <path>

--rsa-algorithm

When enabled, a 4096-bit RSA key pair is generated for the certificate instead of an ECDSA P-384 key pair. Because an ECDSA P-384 key pair is the recommended default, this option is disabled.

Alias: --rsa

Example

tcld generate-certificates certificate-authority-certificate --rsa-algorithm <boolean>

tcld generate-certificates end-entity-certificate

The tcld generate-certificates end-entity-certificate command generates end-entity (leaf) certificates for Temporal Cloud.

tcld generate-certificates end-entity-certificate <modifiers>

Alias: leaf

The following modifiers control the behavior of the command.

--organization

Specify an organization name for certificate generation.

Alias: --org

Example

tcld generate-certificates end-entity-certificate --organization <value>

--organization-unit

Optional: Specify the name of the organization unit.

Example

tcld generate-certificates end-entity-certificate --organization-unit <value>

--validity-period

Specify the duration for which the certificate is valid. Format values as d/h (for example, 30d10h for a certificate lasting 30 days and 10 hours).

Alias: -d

Example

tcld generate-certificates end-entity-certificate --validity-period <value>

--ca-certificate-file

Specify the path of the X.509 CA certificate in a .pem file for the certificate authority.

Alias: --ca-cert

Example

tcld generate-certificates end-entity-certificate --ca-certificate-file <path>

--ca-key-file

Specify the path of the private key in a .key file for the certificate authority.

Alias: --ca-key

Example

tcld generate-certificates end-entity-certificate --ca-key-file <path>

--certificate-file

Specify a path to a .pem file where the generated X.509 leaf certificate file will be stored.

Alias: --cert

Example

tcld generate-certificates end-entity-certificate --certificate-file <path>

--key-file

Specify a path to a .key file where the leaf certificate's private key will be stored.

Alias: --key

Example

tcld generate-certificates end-entity-certificate --key-file <path>