ca-certificate, ca

Manages certificate authority (CA) certificates for the current Azure Sphere tenant. For more information, see Manage tenant CA certificate.

Operation Description
download Downloads the CA certificate for the current Azure Sphere tenant as an X.509 '.cer' file.
download-chain Downloads the CA certificate chain for the current Azure Sphere tenant as a PKCS#7 '.p7b' file.
download-proof Downloads a proof-of-possession certificate for the current Azure Sphere tenant as an X.509 '.cer' file.
list Lists all certificates for the current Azure Sphere tenant.

download

Downloads the CA certificate for the current Azure Sphere tenant as an X.509 .cer file.

Required parameters

Parameter Type Description Supported version
-o, --output String Specifies the path and filename at which to save the tenant CA certificate. The file path can be an absolute or relative path but must have the .cer extension. Azure Sphere CLI v1
-f, --destination-file String Specifies the path and filename at which to save the tenant CA certificate. The file path can be an absolute or relative path but must have the .cer extension. Azure Sphere CLI v2 Beta

Optional parameters

Parameter Type Description Supported version
--index Integer Specifies the index of the certificate to download. Run azsphere ca-certificate list to list the certificates and the index values. If no index is supplied, the active certificate is downloaded. You may specify either the index value or thumbprint. - Azure Sphere CLI v1
-Azure Sphere CLI v2 Beta
--thumbprint String Specifies the thumbprint of the certificate to download. Run azsphere ca-certificate list to list the certificates and the thumbprint values. If no thumbprint is supplied, the active certificate is downloaded. You may specify either the index value or thumbprint. - Azure Sphere CLI v1
-Azure Sphere CLI v2 Beta
-t, --tenant String Specifies the ID or name of the Azure Sphere tenant. Azure Sphere CLI v2 Beta
Global parameters

Parameter Description
-v, --verbose Provides verbose output in Azure Sphere CLI v1
-?, --help Displays help on the command in Azure Sphere CLI v1

Note

If you are using Azure Sphere CLI v2 Beta, see Global Parameters for more information on available options.

Example

azsphere ca-certificate download --output ca-cert.cer --index 1
Saving the requested CA certificate to 'C:\Users\Test\Documents\ca-cert.cer'.
Saved the requested CA certificate to 'C:\Users\Test\Documents\ca-cert.cer'.

download-chain

Downloads the CA certificate chain for the current Azure Sphere tenant as a PKCS#7 '.p7b' file.

Required parameters

Parameter Type Description Supported version
-o, --output Filepath Specifies the path and filename at which to save the tenant CA certificate chain. You may provide a relative or absolute path, and must use a '.p7b' extension. Azure Sphere CLI v1
-f, --destination-file String Specifies the path and filename at which to save the tenant CA certificate chain. You may provide a relative or absolute path, and must use a '.p7b' extension. Azure Sphere CLI v2 Beta

Optional parameters

Parameter Type Description Supported version
--index Integer Specifies the index of the certificate to download. Run azsphere ca-certificate list to list the certificates and the index values. If no index is supplied, the active certificate is downloaded. You may specify either the index value or thumbprint. - Azure Sphere CLI v1
- Azure Sphere CLI v2 Beta
--thumbprint String Specifies the thumbprint of the certificate to download. Run azsphere ca-certificate list to list the certificates and the thumbprint values. If no thumbprint is supplied, the active certificate is downloaded. You may specify either the index value or thumbprint. - Azure Sphere CLI v1
- Azure Sphere CLI v2 Beta
-t, --tenant String Specifies the ID or name of the Azure Sphere tenant. Azure Sphere CLI v2 Beta
Global parameters

Parameter Description
-v, --verbose Provides verbose output in Azure Sphere CLI v1
-?, --help Displays help on the command in Azure Sphere CLI v1

Note

If you are using Azure Sphere CLI v2 Beta, see Global Parameters for more information on available options.

Example

azsphere ca-certificate download-chain --output CA-cert-chain.p7b --index 1
Saving the requested CA certificate chain to 'C:\Users\Test\Documents\CA-cert-chain.p7b'.
Saved the requested CA certificate chain to 'C:\Users\Test\Documents\CA-cert-chain.p7b'.

download-proof

Downloads a proof-of-possession certificate for the current Azure Sphere tenant, for use with a provided code, and as an X.509 '.cer' file. This certificate is part of the device authentication and attestation process. For more information on using Azure Sphere devices with Azure IoT, see Use Azure IoT with Azure Sphere.

Required parameters

Parameter Type Description Supported version
-o, --output Filepath Specifies the path and filename at which to save the proof of possession certificate. The filepath can be an absolute or relative path but must use a '.cer' extension. Azure Sphere CLI v1
-c, --verificationcode String Specifies the verification code for the Azure Sphere Security Service to use when generating the certificate. Azure Sphere CLI v1
-f, --destination-file String Specifies the path and filename at which to save the proof of possession certificate. The filepath can be an absolute or relative path but must use a '.cer' extension. Azure Sphere CLI v2 Beta
-c, --verification-code String Specifies the verification code for the Azure Sphere Security Service to use when generating the certificate. Azure Sphere CLI v2 Beta

Optional parameters

Parameter Type Description Supported version
--index Integer Specifies the index of the certificate to download. Run azsphere ca-certificate list to list the certificates and the index values. If no index is supplied, the active certificate is downloaded. You may specify either the index value or thumbprint. - Azure Sphere CLI v1
-Azure Sphere CLI v2 Beta
--thumbprint String Specifies the thumbprint of the certificate to download. Run azsphere ca-certificate list to list the certificates and the thumbprint values. If no thumbprint is supplied, the active certificate is downloaded. You may specify either the index value or thumbprint. - Azure Sphere CLI v1
-Azure Sphere CLI v2 Beta
-t, --tenant String Specifies the ID or name of the Azure Sphere tenant. Azure Sphere CLI v2 Beta
Global parameters

Parameter Description
-v, --verbose Provides verbose output in Azure Sphere CLI v1
-?, --help Displays help on the command in Azure Sphere CLI v1

Note

If you are using Azure Sphere CLI v2 Beta, see Global Parameters for more information on available options.

Example

azsphere ca-certificate download-proof --output validation.cer  --verificationcode 123412341234 --index 1
Saving the requested proof of possession certificate to 'C:\Users\Test\Documents\validation.cer'.
Saved the requested proof of possession certificate to 'C:\Users\Test\Documents\validation.cer'.

list

Lists all certificates for the current tenant.

Optional parameters

Parameter Type Description Supported version
-t, --tenant String Specifies the ID or name of the Azure Sphere tenant. Azure Sphere CLI v2 Beta
Global parameters

Parameter Description
-v, --verbose Provides verbose output in Azure Sphere CLI v1
-?, --help Displays help on the command in Azure Sphere CLI v1

Note

If you are using Azure Sphere CLI v2 Beta, see Global Parameters for more information on available options.

Example

azsphere ca-certificate list
Number of certificates 2
Index: 1
Thumbprint: <value>
Certificate details: CN=<tenantid>, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Status: **Active**
Start Date: 09/06/2020 17:39:40
End Date: 09/06/2022 17:39:40

Index: 2
Thumbprint: <value>
Certificate details: CN=<tenantid>, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Status: Ready
Start Date: 29/04/2020 22:51:47
End Date: 29/04/2022 22:51:47