Digicert CLI

Build Status Code Climate Gem Version

The Digicert CLI is a tool that allows us to manage Digicert orders, certificates and etc using Digicert Ruby Client.

Configure

The CLI commands are heavily dependent on the Digicert API. Please follow the instruction here to request an API Key from Digicert, Once you have your API key then you can configure it using the config command.

$ digicert config api-key YOUR_API_KEY

Usages

Getting Help

We have been trying to simplify the CLI with proper help documentation. Each of the command and subcommand should provide you the basic usages guide with the list of supported options.

The parent command should fire up the help documentation, but if it does not then you can explicitly call the help command or pass -h flags with any of the command and that should fire up the documentation. For example

$ digicert help

Commands:
  digicert certificate     # Manage Digicert Certificates
  digicert config          # Configure The CLI Client
  digicert csr             # Fetch/generate Certificate CSR
  digicert help [COMMAND]  # Describe available / One specific command
  digicert order           # Manage Digicert Orders

The above command lists the available commands with a basic description. As you might have noticed, it also ships with a help command which can be used to fire up the usages guide and options for it's nested command.

# digicert order -h
$ digicert help order

Commands:
  digicert order find              # Find a digicert order
  digicert order help [COMMAND]    # Describe subcommands or one specific
  digicert order list              # List digicert orders
  digicert order reissue ORDER_ID  # Reissue digicert order

Hopefully you get the idea, we are trying our best to keep this guide up to date but whenever you need some more information please add the -h flags with any commands or subcommands and you should see more accurate help documentation.

Orders

Listing Orders

The CLI made listing Digicert orders pretty simple, once we have our API key configured then we can list all of our orders using the order list command.

$ digicert order list

+---------------+---------------+------------------+-------------+-------------+
| Id            | Product Type  | Common Name      | Status      | Expiry      |
+---------------+---------------+------------------+-------------+-------------+
| xxxxx65       | ssl_wildcard  | *.ribosetest.com | expired     | 2018-06-25  |
| xxxxx20       | ssl_wildcard  | *.ribosetest.com | issued      | 2018-06-15  |
| xxxxx06       | ssl_wildcard  | *.ribosetest.com | revoked     | 2018-05-09  |
+---------------+---------------+------------------+-------------+-------------+

The above command without any option will list out all of our Digicert orders, but if we need to filter those orders then we can do that by passing --filter option and the expected values as in key:value pair.

For example, to list all of the orders that has product type of ssl_wildcard we can use the following and it will list only the filtered orders.

$ digicert order list --filter 'product_name_id:ssl_wildcard'

Supported filters options are date_created, valid_till, status, search, common_name and product_name_id. Please check the wiki for more uptodate filter options list.

Find an order

To find an order we can use order find command, by default it will print the order details in the console but this command also supports the normal filter options as described on the listing order section.

One important thing to remember, it will only retrieve one single entry, so if you have multiple orders in your specified terms then it will only retrieve the most recent one from that list.

$ digicert order find --filter 'common_name:ribosetest.com' 'product_name_id:ssl_plus'

#<Digicert::ResponseObject id=xxx04, certificate=#<Digicert::ResponseObject
..........................id=xxxx08 price=xxxx, product_name_id="ssl_plus">

Lots of information? Well, if you don't need that much details and only need the ID then you can pass the --quiet flags and it will only print the order id.

Reissue an order

To reissue a non-expired order we can use the order reissue command and pass the order id. By default it will reissue the order using the existing details but we can update that by passing the certificate CSR as--csr

$ digicert order reissue 12345 --csr path_to_the_new_csr.csr

Reissue request xxxxx8 created for order - 123456

Pretty cool right? The above command also support --output option that we can use to download the reissued certificates. To download we need to provide a valid path and it will automatically download the certificates to it

$ digicert order reissue 123456 --output /path/to/downloads

Reissue request 1xxxxx created for order - 123456

Fetch attempt 1..
Downloaded certificate to:

/path/to/downloads/123456.root.crt
/path/to/downloads/123456.certificate.crt
/path/to/downloads/123456.intermediate.crt

Certificate

Fetch a certificate

The certificate fetch command retrieves the certificate for any specific order, by default it will print out the certificate detail in the console but if we can change it by passing additional option to it. Like the --quiet flags will only return the certificate id instead of all the details

$ digicert certificate fetch 123456789 --quiet

Download a certificate

To download a certificate we can use the same certificate fetch command but with the --output option. Based on the --output option this command will fetch and download the certificates to the provided path.

$ digicert certificate fetch 123456 --output /path/to/downloads

The fetch command only works with the order_id but what if we have the certificate id? Well, we have another command certificate download which supports both the --order-id and the certificate-id.

$ digicert certificate download --order-id 654321 --output /downloads
$ digicert certificate download --certificate-id 123456 --output /downloads

List duplicate certificates

Digicert allows us to duplicate a certificate and if we want to list all of the duplicates then we can use the certificate duplicates command. It expects us to provide the order-id to list all the duplicates

$ digicert certificate duplicates 123456

+----------+-------------------+------------------+----------+--------------+
| Id       | Common Name       | SAN Names        | Status   | Validity     |
+----------+-------------------+------------------+----------+--------------+
| xxxxx19  | *.ribosetest.com  | *.ribosetest.com | approved | xxxxx-xxxxxx |
|          |                   | ribosetest.com   |          |              |
+----------+-------------------+------------------+----------+--------------+

CSR

Fetch an order's CSR

Retrieving a CSR is pretty easy, if we have an order id and we want retrieve it's CSR then we can use the csr fetch command and it will print out the details in the console.

$ digicert csr fetch 123456

Generate a new CSR

Digicert gem usages a third party library to generate a CSR, and this CLI included that to simply the CSR generation, so if we need to generate a new CSR then we can use the csr generate command and pass the order id with a key file and it will generate a new CSR.

$ digicert csr generate --oreder-id 12345 --key /path/to/the/key-file.key

This command also supports custom details like common-name and san. We can pass those as --common-name and the --san and it will use those to generate the CSR

$ digicert csr generate --common-name ribosetest.com --order-id 1234 \
  --san test1.ribosetest.com test2.ribosetest.com --key path_to_key_file

Development

We are following Sandi Metz's Rules for this gem, you can read the description of the rules here All new code should follow these rules. If you make changes in a pre-existing file that violates these rules you should fix the violations as part of your contribution.

Setup

Clone the repository.

git clone https://github.com/riboseinc/digicert-cli

Setup your environment.

bin/setup

Run the test suite

bin/rspec

Contributing

First, thank you for contributing! We love pull requests from everyone. By participating in this project, you hereby grant Ribose Inc. the right to grant or transfer an unlimited number of non exclusive licenses or sub-licenses to third parties, under the copyright covering the contribution to use the contribution by all means.

Here are a few technical guidelines to follow:

  1. Open an issue to discuss a new feature.
  2. Write tests to support your new feature.
  3. Make sure the entire test suite passes locally and on CI.
  4. Open a Pull Request.
  5. Squash your commits after receiving feedback.
  6. Party!

Credits

This gem is developed, maintained and funded by Ribose Inc.