az sf cluster certificate

Manage a cluster certificate.

Commands

az sf cluster certificate add

Add a secondary cluster certificate to the cluster.

az sf cluster certificate remove

Remove a certificate from a cluster.

az sf cluster certificate add

Add a secondary cluster certificate to the cluster.

az sf cluster certificate add --cluster-name
                              --resource-group
                              [--cert-out-folder]
                              [--cert-subject-name]
                              [--certificate-file]
                              [--certificate-password]
                              [--secret-identifier]
                              [--subscription]
                              [--vault-name]
                              [--vault-resource-group]

Examples

Add a certificate to a cluster using a keyvault secret identifier.

az sf cluster certificate add -g group-name -c cluster1 \
    --secret-identifier 'https://{KeyVault}.vault.azure.net/secrets/{Secret}'

Add a self-signed certificate to a cluster.

az sf cluster certificate add -g group-name -c cluster1 --certificate-subject-name test.com

Add a secondary cluster certificate to the cluster. (autogenerated)

az sf cluster certificate add --cluster-name cluster1 --resource-group group-name --secret-identifier 'https://{KeyVault}.vault.azure.net/secrets/{Secret}' --vault-name MyVault

Required Parameters

--cluster-name -c

Specify the name of the cluster, if not given it will be same as resource group name.

--resource-group -g

Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--cert-out-folder --certificate-output-folder

The folder of the new certificate file to be created.

--cert-subject-name --certificate-subject-name

The subject name of the certificate to be created.

--certificate-file

The existing certificate file path for the primary cluster certificate.

--certificate-password

The password of the certificate file.

--secret-identifier

The existing Azure key vault secret URL.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--vault-name

Azure key vault name, it not given it will be the cluster resource group name.

--vault-resource-group

Key vault resource group name, if not given it will be cluster resource group name.

az sf cluster certificate remove

Remove a certificate from a cluster.

az sf cluster certificate remove --cluster-name
                                 --resource-group
                                 --thumbprint
                                 [--subscription]

Examples

Remove a certificate by thumbprint.

az sf cluster certificate remove -g group-name -c cluster1 --thumbprint '5F3660C715EBBDA31DB1FFDCF508302348DE8E7A'

Required Parameters

--cluster-name -c

Specify the name of the cluster, if not given it will be same as resource group name.

--resource-group -g

Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.

--thumbprint

The cluster certificate thumbprint to be removed.

Optional Parameters

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.