Certificate Storage

Overview

Akeyless Certificat storage allows you to securely store, sort, and browse through your certificates in one secure location, as well as set expiration notifications so you are always prepared.
The certificates are treated as their own type of item inside the Akeyless, with their parsed information saved in the form of a JSON array to represent the certificate chain. The item will include both the certificate itself and the private key (if it exists), which will be stored completely encrypted.

Managing a Certificate in the CLI

Creating a New Certificate

To create a new certificate, use the following command:

akeyless create-certificate -n <certificate-name> -c <path-to-certificate-PEM>

The main parameters for the command are as follows:

  • -n or --name: A unique name for the Certificate. The name can include the path to the virtual folder in which you want to create it, using slash / separators. If the folder does not exist, it will be created together with the Certificate.
  • -c or --certificate: Path to a file that contains the certificate in a PEM format.
  • --certificate-data: Content of the certificate PEM in a Base64 format, if you add this you do not need the certificate path parameter and vice versa.
  • -p or --private-key: Path to the file with the certificate's private key in a PEM format. Not mandatory.
  • --key-data: Content of the certificate's private key PEM in a Base64 format, if you add this you do not need the key path parameter and vice versa.
  • -e or --expiration-event-in: How many days before the expiration of the certificate would you like to be notified, this parameter can be added multiple times for multiple notifications.

Additional parameters can be found in the CLI Reference - Certificates.

Getting a Certificate

In order to view a certificate's value, use the following command:

akeyless get-certificate-value -n <certificate-name>

This command will return the certificate's PEM, and the private key's PEM if it exists, in a JSON file.
Additional parameters can be found in the CLI Reference - Certificates.

Updating a Certificate

This command is similar to the creation command and uses the same parameters, but instead of creating a new item it will update the data in the existing item and overwrite the expiration notifications.
The command is as follows:

akeyless update-certificate-value -n <certificate-name> -c <path-to-certificate-PEM>

All of the parameters from the creation command will also apply here.

Managing a Certificate in the Console

  1. Select New>Certificate.

  2. Fill in the following parameters:

  • Name (mandatory): A unique Certificate name
  • Location: Location within your Akeyless account
  • Description: Certificate description
  • Tags: Additional item tags
  • Delete protection: If switched on, will protect the item from deletion
  • Protection key: If you wish to protect a certificate with one of your keys other than the default you can select it here
  1. After hitting next, you will be able to upload the certificate itself from file (mandatory), and if exists you may also upload the certificate's private key from file.

  2. If you wish to get notified when the certificate's expiration date comes near, select the + symbol next to Add Notification and adjust the day count from the default 30 to any number you desire. This can be done multiple times in order to be notified more than once.


What’s Next