[{"data":1,"prerenderedAt":598},["ShallowReactive",2],{"navigation_docs":3,"-docs-api-cli-reference":86,"-docs-api-cli-reference-surround":595},[4,22,31,48,65],{"title":5,"path":6,"stem":7,"children":8,"page":21},"Api","\u002Fdocs\u002Fapi","docs\u002Fapi",[9,13,17],{"title":10,"path":11,"stem":12},"CLI Reference","\u002Fdocs\u002Fapi\u002Fcli-reference","docs\u002Fapi\u002F1.cli-reference",{"title":14,"path":15,"stem":16},"ZMQ Protocol Reference","\u002Fdocs\u002Fapi\u002Fzmq-protocol","docs\u002Fapi\u002F2.zmq-protocol",{"title":18,"path":19,"stem":20},"Error Codes","\u002Fdocs\u002Fapi\u002Ferror-codes","docs\u002Fapi\u002F3.error-codes",false,{"title":23,"path":24,"stem":25,"children":26,"page":21},"Community","\u002Fdocs\u002Fcommunity","docs\u002Fcommunity",[27],{"title":28,"path":29,"stem":30},"Contributing","\u002Fdocs\u002Fcommunity\u002Fcontributing","docs\u002Fcommunity\u002F1.contributing",{"title":32,"path":33,"stem":34,"children":35,"page":21},"Concepts","\u002Fdocs\u002Fconcepts","docs\u002Fconcepts",[36,40,44],{"title":37,"path":38,"stem":39},"Architecture","\u002Fdocs\u002Fconcepts\u002Farchitecture","docs\u002Fconcepts\u002F1.architecture",{"title":41,"path":42,"stem":43},"Certificate Lifecycle","\u002Fdocs\u002Fconcepts\u002Fcertificate-lifecycle","docs\u002Fconcepts\u002F2.certificate-lifecycle",{"title":45,"path":46,"stem":47},"Security Model","\u002Fdocs\u002Fconcepts\u002Fsecurity-model","docs\u002Fconcepts\u002F3.security-model",{"title":49,"path":50,"stem":51,"children":52,"page":21},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002Fgetting-started",[53,57,61],{"title":54,"path":55,"stem":56},"Introduction","\u002Fdocs\u002Fgetting-started\u002Fintroduction","docs\u002Fgetting-started\u002F1.introduction",{"title":58,"path":59,"stem":60},"Installation","\u002Fdocs\u002Fgetting-started\u002Finstallation","docs\u002Fgetting-started\u002F2.installation",{"title":62,"path":63,"stem":64},"Quick 
Start","\u002Fdocs\u002Fgetting-started\u002Fquick-start","docs\u002Fgetting-started\u002F3.quick-start",{"title":66,"path":67,"stem":68,"children":69,"page":21},"Guides","\u002Fdocs\u002Fguides","docs\u002Fguides",[70,74,78,82],{"title":71,"path":72,"stem":73},"Configuration","\u002Fdocs\u002Fguides\u002Fconfiguration","docs\u002Fguides\u002F1.configuration",{"title":75,"path":76,"stem":77},"Certificate Profiles","\u002Fdocs\u002Fguides\u002Fcertificate-profiles","docs\u002Fguides\u002F2.certificate-profiles",{"title":79,"path":80,"stem":81},"Docker Deployment","\u002Fdocs\u002Fguides\u002Fdocker-deployment","docs\u002Fguides\u002F3.docker-deployment",{"title":83,"path":84,"stem":85},"Importing an Existing CA","\u002Fdocs\u002Fguides\u002Fimporting-existing-ca","docs\u002Fguides\u002F4.importing-existing-ca",{"id":87,"title":10,"body":88,"description":588,"extension":589,"links":590,"meta":591,"navigation":592,"path":11,"seo":593,"stem":12,"__hash__":594},"docs\u002Fdocs\u002Fapi\u002F1.cli-reference.md",{"type":89,"value":90,"toc":575},"minimark",[91,95,100,104,152,156,162,165,194,237,240,243,248,251,265,271,273,278,281,329,373,378,380,385,388,401,404,418,425,427,431,434,523,527,571],[92,93,10],"h1",{"id":94},"cli-reference",[96,97,99],"h2",{"id":98},"global-flags","Global flags",[101,102,103],"p",{},"These flags apply to all commands:",[105,106,107,126],"table",{},[108,109,110],"thead",{},[111,112,113,117,120,123],"tr",{},[114,115,116],"th",{},"Flag",[114,118,119],{},"Short",[114,121,122],{},"Default",[114,124,125],{},"Description",[127,128,129],"tbody",{},[111,130,131,138,140,145],{},[132,133,134],"td",{},[135,136,137],"code",{},"--path \u003Cdir>",[132,139],{},[132,141,142],{},[135,143,144],{},"~\u002F.upki\u002Fca",[132,146,147,148,151],{},"Data directory (overridden by ",[135,149,150],{},"UPKI_DATA_DIR",")",[96,153,155],{"id":154},"commands","Commands",[157,158,160],"h3",{"id":159},"init",[135,161,159],{},[101,163,164],{},"Initialise the CA. 
On the first run, creates the root key pair, self-signed certificate, and default configuration file. Idempotent — safe to run again on an existing data directory.",[166,167,172],"pre",{"className":168,"code":169,"language":170,"meta":171,"style":171},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","python ca_server.py init [options]\n","bash","",[135,173,174],{"__ignoreMap":171},[175,176,179,183,187,190],"span",{"class":177,"line":178},"line",1,[175,180,182],{"class":181},"sBMFI","python",[175,184,186],{"class":185},"sfazB"," ca_server.py",[175,188,189],{"class":185}," init",[175,191,193],{"class":192},"sTEyZ"," [options]\n",[105,195,196,205],{},[108,197,198],{},[111,199,200,203],{},[114,201,202],{},"Option",[114,204,125],{},[127,206,207,217,227],{},[111,208,209,214],{},[132,210,211],{},[135,212,213],{},"--ca-key \u003Cpath>",[132,215,216],{},"Import an existing CA private key (PEM)",[111,218,219,224],{},[132,220,221],{},[135,222,223],{},"--ca-cert \u003Cpath>",[132,225,226],{},"Import an existing CA certificate (PEM)",[111,228,229,234],{},[132,230,231],{},[135,232,233],{},"--ca-password-file \u003Cpath>",[132,235,236],{},"File containing the password to decrypt the imported key",[101,238,239],{},"On first run, a random registration seed is generated and printed. Keep it secret and store it securely: an RA operator needs this seed to register, and because it is printed it can also end up in terminal scrollback or captured logs.",[241,242],{},[157,244,246],{"id":245},"register",[135,247,245],{},[101,249,250],{},"Start the RA registration listener on port 5001 (clear mode, i.e. without TLS). Waits for an RA node to complete the handshake, issues it a certificate, then exits.",[166,252,254],{"className":168,"code":253,"language":170,"meta":171,"style":171},"python ca_server.py register\n",[135,255,256],{"__ignoreMap":171},[175,257,258,260,262],{"class":177,"line":178},[175,259,182],{"class":181},[175,261,186],{"class":185},[175,263,264],{"class":185}," register\n",[101,266,267,268,270],{},"Run this command every time a new RA needs to be registered. 
The RA operator must have the seed printed by ",[135,269,159],{},".",[241,272],{},[157,274,276],{"id":275},"listen",[135,277,275],{},[101,279,280],{},"Start the CA operations listener on port 5000 (TLS mode).",[166,282,284],{"className":168,"code":283,"language":170,"meta":171,"style":171},"python ca_server.py listen [--host \u003Cip>] [--port \u003Cint>]\n",[135,285,286],{"__ignoreMap":171},[175,287,288,290,292,295,298,302,305,307,310,313,316,318,321,324,326],{"class":177,"line":178},[175,289,182],{"class":181},[175,291,186],{"class":185},[175,293,294],{"class":185}," listen",[175,296,297],{"class":192}," [--host ",[175,299,301],{"class":300},"sMK4o","\u003C",[175,303,304],{"class":185},"i",[175,306,101],{"class":192},[175,308,309],{"class":300},">",[175,311,312],{"class":185},"]",[175,314,315],{"class":192}," [--port ",[175,317,301],{"class":300},[175,319,320],{"class":185},"in",[175,322,323],{"class":192},"t",[175,325,309],{"class":300},[175,327,328],{"class":185},"]\n",[105,330,331,341],{},[108,332,333],{},[111,334,335,337,339],{},[114,336,202],{},[114,338,122],{},[114,340,125],{},[127,342,343,358],{},[111,344,345,350,355],{},[132,346,347],{},[135,348,349],{},"--host \u003Cip>",[132,351,352],{},[135,353,354],{},"127.0.0.1",[132,356,357],{},"Bind address",[111,359,360,365,370],{},[132,361,362],{},[135,363,364],{},"--port \u003Cint>",[132,366,367],{},[135,368,369],{},"5000",[132,371,372],{},"Port number",[101,374,375,376,270],{},"The RA must already be registered before starting ",[135,377,275],{},[241,379],{},[157,381,383],{"id":382},"start",[135,384,382],{},[101,386,387],{},"Auto-bootstrap mode — the Docker default entrypoint. 
On first boot:",[389,390,391,398],"ol",{},[392,393,394,395,397],"li",{},"Runs ",[135,396,159],{}," if not already done",[392,399,400],{},"Starts both the registration listener (port 5001) and the CA listener (port 5000) concurrently",[101,402,403],{},"On subsequent boots, skips init and starts both listeners directly.",[166,405,407],{"className":168,"code":406,"language":170,"meta":171,"style":171},"python ca_server.py start\n",[135,408,409],{"__ignoreMap":171},[175,410,411,413,415],{"class":177,"line":178},[175,412,182],{"class":181},[175,414,186],{"class":185},[175,416,417],{"class":185}," start\n",[101,419,420,421,424],{},"Requires the ",[135,422,423],{},"UPKI_CA_SEED"," environment variable when a registration is needed.",[241,426],{},[96,428,430],{"id":429},"environment-variables","Environment variables",[101,432,433],{},"Environment variables override their equivalent CLI options, where one exists:",[105,435,436,448],{},[108,437,438],{},[111,439,440,443,446],{},[114,441,442],{},"Variable",[114,444,445],{},"CLI equivalent",[114,447,125],{},[127,449,450,464,478,493,508],{},[111,451,452,456,461],{},[132,453,454],{},[135,455,150],{},[132,457,458],{},[135,459,460],{},"--path",[132,462,463],{},"Data directory path",[111,465,466,470,473],{},[132,467,468],{},[135,469,423],{},[132,471,472],{},"—",[132,474,475,476,151],{},"Registration seed (used by ",[135,477,382],{},[111,479,480,485,490],{},[132,481,482],{},[135,483,484],{},"UPKI_CA_HOST",[132,486,487],{},[135,488,489],{},"--host",[132,491,492],{},"ZMQ bind address",[111,494,495,500,505],{},[132,496,497],{},[135,498,499],{},"UPKI_CA_KEY_FILE",[132,501,502],{},[135,503,504],{},"--ca-key",[132,506,507],{},"Path to existing CA private key",[111,509,510,515,520],{},[132,511,512],{},[135,513,514],{},"UPKI_CA_CERT_FILE",[132,516,517],{},[135,518,519],{},"--ca-cert",[132,521,522],{},"Path to existing CA certificate",[96,524,526],{"id":525},"exit-codes","Exit 
codes",[105,528,529,539],{},[108,530,531],{},[111,532,533,536],{},[114,534,535],{},"Code",[114,537,538],{},"Meaning",[127,540,541,551,561],{},[111,542,543,548],{},[132,544,545],{},[135,546,547],{},"0",[132,549,550],{},"Success",[111,552,553,558],{},[132,554,555],{},[135,556,557],{},"1",[132,559,560],{},"Configuration or storage error",[111,562,563,568],{},[132,564,565],{},[135,566,567],{},"2",[132,569,570],{},"Signal received (SIGTERM\u002FSIGINT) — normal shutdown",[572,573,574],"style",{},"html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki 
span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}",{"title":171,"searchDepth":576,"depth":576,"links":577},2,[578,579,586,587],{"id":98,"depth":576,"text":99},{"id":154,"depth":576,"text":155,"children":580},[581,583,584,585],{"id":159,"depth":582,"text":159},3,{"id":245,"depth":582,"text":245},{"id":275,"depth":582,"text":275},{"id":382,"depth":582,"text":382},{"id":429,"depth":576,"text":430},{"id":525,"depth":576,"text":526},"Complete reference for the ca_server.py command-line interface.","md",null,{},true,{"title":10,"description":588},"Ur-kVEk2zdbgXge-rjuUlfSr-tXpX59a3hB1s2-j5RE",[590,596],{"title":14,"path":15,"stem":16,"description":597,"children":-1},"Complete reference for the ZMQ REQ\u002FREP protocol between uPKI CA and RA\u002FCLI.",1775569478524]