Share via


az sf cluster client-certificate

Manage the client certificate of a cluster.

Commands

Name Description Type Status
az sf cluster client-certificate add

Add a common name or certificate thumbprint to the cluster for client authentication.

Core GA
az sf cluster client-certificate remove

Remove client certificates or subject names used for authentication.

Core GA

az sf cluster client-certificate add

Add a common name or certificate thumbprint to the cluster for client authentication.

az sf cluster client-certificate add --cluster-name
                                     --resource-group
                                     [--admin-client-thumbprints]
                                     [--cert-common-name]
                                     [--cert-issuer-tp]
                                     [--client-cert-cn]
                                     [--is-admin]
                                     [--readonly-client-thumbprints]
                                     [--thumbprint]

Examples

Add client certificate by thumbprint

az sf cluster client-certificate add -g group-name -c cluster1 --thumbprint '5F3660C715EBBDA31DB1FFDCF508302348DE8E7A'

Required Parameters

--cluster-name -c

Specify the name of the cluster, if not given it will be same as resource group name.

--resource-group -g

Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin-client-thumbprints --admin-client-tps

Client certificate thumbprint that only has admin permission.

--cert-common-name --certificate-common-name

Client certificate common name.

--cert-issuer-tp --certificate-issuer-thumbprint

Client certificate issuer thumbprint.

--client-cert-cn --client-certificate-common-names

JSON encoded parameters configuration. Use @{file} to load from a file. For example: [{"isAdmin":true, "certificateCommonName": "test.com", "certificateIssuerThumbprint": "22B4AE296B504E512DF880A77A2CAE20200FF922"}].

--is-admin

Client authentication type.

Default value: False
--readonly-client-thumbprints --readonly-client-tps

Space-separated list of client certificate thumbprint that has read only permission.

--thumbprint

Client certificate thumbprint.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sf cluster client-certificate remove

Remove client certificates or subject names used for authentication.

az sf cluster client-certificate remove --cluster-name
                                        --resource-group
                                        [--cert-common-name]
                                        [--cert-issuer-tp]
                                        [--client-cert-cn]
                                        [--thumbprints]

Examples

Remove a client certificate by thumbprint.

az sf cluster client-certificate remove -g group-name -c cluster1 --thumbprint '5F3660C715EBBDA31DB1FFDCF508302348DE8E7A'

Required Parameters

--cluster-name -c

Specify the name of the cluster, if not given it will be same as resource group name.

--resource-group -g

Specify the resource group name. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--cert-common-name --certificate-common-name

Client certificate common name.

--cert-issuer-tp --certificate-issuer-thumbprint

Client certificate issuer thumbprint.

--client-cert-cn --client-certificate-common-names

JSON encoded parameters configuration. Use @{file} to load from a file. For example: [{"certificateCommonName": "test.com","certificateIssuerThumbprint": "22B4AE296B504E512DF880A77A2CAE20200FF922"}].

--thumbprints

A single or Space-separated list of client certificate thumbprint(s) to be remove.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.