certmgr is a tool for managing certificates using CFSSL. It does the following:
Ensures certificates are present.
Renews certificates before they expire.
Triggering a service reload or restart on certificate updates.
It operates on certificate specs, which are JSON files containing the information needed to generate a certificate. These are currently JSON due to the way CFSSL works; a future update can add YAML tags to the relevant CFSSL structures to allow these to be YAML files.
If a certificate can't be renewed (i.e. there's a problem talking to the CA), the certificate is kept in the renewal queue and will be attempted later.
When run without any subcommands, certmgr will start monitoring certificates. The configuration and specifications can be validated using the check subcommand.
|