Skip to content

Cert CanGenerateCSR#

Description#

During the installation or rotation of certificates on a target the Certificate Signing Request (CSR) can be generated by either the target or the client.

In order to check if a target has the ability to generate a CSR, the CanGenerate RPC is used.

The can-generate-csr command takes 3 flags:

  • cert-type: specifies the certificate type, defaults to CT_X509
  • key-type: specifies the key type, defaults to KT_RSA
  • key-size:specifies the key size, defaults to 2048

Usage#

gnoic [global-flags] cert can-generate-csr [local-flags]

or

gnoic [global-flags] cert cgc [local-flags]

Flags#

cert-type#

The --cert-type set the certificate type the client is querying the target about the ability to generate a CSR for.

key-type#

The --key-type set the key type the client is querying the target about the ability to generate a CSR for.

key-size#

The --key-size set the key size the client is querying the target about the ability to generate a CSR for.

Examples#

gnoic -a r1,r2,r3 --insecure -u admin -p admin cert can-generate-csr
+-------------+------------------+
| Target Name | Can Generate CSR |
+-------------+------------------+
| r1:57400    | true             |
| r2:57400    | true             |
| r3:57400    | true             |
+-------------+------------------+
Back to top