https://v1-18.docs.dapr.io/reference/cli/dapr-mtls/Recent content in mtls CLI command reference on Dapr DocsHugoenhttps://v1-18.docs.dapr.io/reference/cli/dapr-mtls/dapr-mtls-export/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/reference/cli/dapr-mtls/dapr-mtls-export/<h3 id="description">Description</h3> <p>Export the root Certificate Authority (CA), issuer cert and issuer key to local files</p> <h3 id="supported-platforms">Supported platforms</h3> <ul> <li><a href="https://v1-18.docs.dapr.io/operations/hosting/kubernetes/">Kubernetes</a></li> </ul> <h3 id="usage">Usage</h3> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>dapr mtls <span style="color:#204a87">export</span> <span style="color:#ce5c00;font-weight:bold">[</span>flags<span style="color:#ce5c00;font-weight:bold">]</span> </span></span></code></pre></div><h3 id="flags">Flags</h3> <table> <thead> <tr> <th>Name</th> <th>Environment Variable</th> <th>Default</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>--help</code>, <code>-h</code></td> <td></td> <td></td> <td>help for export</td> </tr> <tr> <td><code>--out</code>, <code>-o</code></td> <td></td> <td>current directory</td> <td>The output directory path to save the certs</td> </tr> </tbody> </table> <h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Check expiry of Kubernetes certs</span> </span></span><span style="display:flex;"><span>dapr mtls <span style="color:#204a87">export</span> -o ./certs </span></span></code></pre></div><h3 id="warning-messages">Warning messages</h3> <p>This command can issue warning messages.</p> <h4 id="root-certificate-renewal-warning">Root certificate renewal warning</h4> <p>If the mtls root certificate deployed to the Kubernetes cluster expires in under 30 days the following warning message is displayed:</p>https://v1-18.docs.dapr.io/reference/cli/dapr-mtls/dapr-mtls-expiry/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/reference/cli/dapr-mtls/dapr-mtls-expiry/<h3 id="description">Description</h3> <p>Checks the expiry of the root Certificate Authority (CA) certificate</p> <h3 id="supported-platforms">Supported platforms</h3> <ul> <li><a href="https://v1-18.docs.dapr.io/operations/hosting/kubernetes/">Kubernetes</a></li> </ul> <h3 id="usage">Usage</h3> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>dapr mtls expiry <span style="color:#ce5c00;font-weight:bold">[</span>flags<span style="color:#ce5c00;font-weight:bold">]</span> </span></span></code></pre></div><h3 id="flags">Flags</h3> <table> <thead> <tr> <th>Name</th> <th>Environment Variable</th> <th>Default</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>--help</code>, <code>-h</code></td> <td></td> <td></td> <td>help for expiry</td> </tr> </tbody> </table> <h3 id="examples">Examples</h3> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#8f5902;font-style:italic"># Check expiry of Kubernetes certs</span> </span></span><span style="display:flex;"><span>dapr mtls expiry </span></span></code></pre></div>https://v1-18.docs.dapr.io/reference/cli/dapr-mtls/dapr-mtls-renew-certificate/Mon, 01 Jan 0001 00:00:00 +0000https://v1-18.docs.dapr.io/reference/cli/dapr-mtls/dapr-mtls-renew-certificate/<h3 id="description">Description</h3> <p>This command can be used to renew expiring Dapr certificates. For example the Dapr Sentry service can generate default root and issuer certificates used by applications. For more information see <a href="https://v1-18.docs.dapr.io/reference/cli/dapr-mtls/dapr-mtls-renew-certificate/#secure-dapr-to-dapr-communication">secure Dapr to Dapr communication</a></p> <h3 id="supported-platforms">Supported platforms</h3> <ul> <li><a href="https://v1-18.docs.dapr.io/operations/hosting/kubernetes/">Kubernetes</a></li> </ul> <h3 id="usage">Usage</h3> <div class="highlight"><pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>dapr mtls renew-certificate <span style="color:#ce5c00;font-weight:bold">[</span>flags<span style="color:#ce5c00;font-weight:bold">]</span> </span></span></code></pre></div><h3 id="flags">Flags</h3> <table> <thead> <tr> <th>Name</th> <th>Environment Variable</th> <th>Default</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>--help</code>, <code>-h</code></td> <td></td> <td></td> <td>help for renew-certificate</td> </tr> <tr> <td><code>--kubernetes</code>, <code>-k</code></td> <td></td> <td><code>false</code></td> <td>supported platform</td> </tr> <tr> <td><code>--valid-until</code></td> <td></td> <td>365 days</td> <td>Validity for newly created certificates</td> </tr> <tr> <td><code>--restart</code></td> <td></td> <td>false</td> <td>Restarts Dapr control plane services (Sentry service, Operator service and Placement server)</td> </tr> <tr> <td><code>--timeout</code></td> <td></td> <td>300 sec</td> <td>The timeout for the certificate renewal process</td> </tr> <tr> <td><code>--ca-root-certificate</code></td> <td></td> <td></td> <td>File path to user provided PEM root certificate</td> </tr> <tr> <td><code>--issuer-public-certificate</code></td> <td></td> <td></td> <td>File path to user provided PEM issuer certificate</td> </tr> <tr> <td><code>--issuer-private-key</code></td> <td></td> <td></td> <td>File path to user provided PEM issue private key</td> </tr> <tr> <td><code>--private-key</code></td> <td></td> <td></td> <td>User provided root.key file which is used to generate root certificate</td> </tr> </tbody> </table> <h3 id="examples">Examples</h3> <h4 id="renew-certificates-by-generating-brand-new-certificates">Renew certificates by generating brand new certificates</h4> <p>Generates new root and issuer certificates for the Kubernetes cluster with a default validity of 365 days. The certificates are not applied to the Dapr control plane.</p>