man-page

GCLOUD_PRIVATECA_CERTIFICATES_EXPORT(1)
GCLOUD_PRIVATECA_CERTIFICATES_EXPORT(1)

NAME

gcloud privateca certificates export - export a pem-encoded certificate to a file

gcloud privateca certificates export (CERTIFICATE : --issuer-location=ISSUER_LOCATION --issuer-pool=ISSUER_POOL) --output-file=OUTPUT_FILE [--include-chain] [GCLOUD_WIDE_FLAG ...]

EXAMPLES

To export a single pem-encoded certificate to a file, run the following:

$ gcloud privateca certificates export my-cert \ --issuer-pool=my-pool --issuer-location=us-west1 \ --output-file=cert.pem

To export a pem-encoded certificate along with its issuing chain in the same file, run the following:

$ gcloud privateca certificates export my-cert \ --issuer-pool=my-pool --issuer-location=us-west1 \ --include-chain --output-file=chain.pem

You can omit the --issuer-location flag in both of the above examples if you've already set the privateca/location property. For example:

$ gcloud config set privateca/location us-west1

The following is equivalent to the first example above.

$ gcloud privateca certificates export my-cert \ --issuer-pool=my-pool --output-file=cert.pem

The following is equivalent to the second example above.

$ gcloud privateca certificates export my-cert \ --issuer-pool=my-pool --include-chain --output-file=chain.pem

POSITIONAL ARGUMENTS

CERTIFICATE resource - The certificate to export. The arguments in this group

can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:

—

provide the argument CERTIFICATE on the command line with a fully specified name;

—

provide the argument --project on the command line;

—

set the property core/project.

This must be specified.

CERTIFICATE

ID of the CERTIFICATE or fully qualified identifier for the CERTIFICATE. To set the certificate attribute:

provide the argument CERTIFICATE on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--issuer-location=ISSUER_LOCATION

The location of the CERTIFICATE. To set the issuer-location attribute:

provide the argument CERTIFICATE on the command line with a fully specified name;

provide the argument --issuer-location on the command line;

set the property privateca/location.

--issuer-pool=ISSUER_POOL

The parent CA Pool of the CERTIFICATE. To set the issuer-pool attribute:

provide the argument CERTIFICATE on the command line with a fully specified name;

provide the argument --issuer-pool on the command line.

REQUIRED FLAGS

--output-file=OUTPUT_FILE

The path where the resulting PEM-encoded certificate will be written.

OPTIONAL FLAGS

--include-chain

Whether to include the certificate's issuer chain in the exported file. If this is set, the resulting file will contain the pem-encoded certificate and its issuing chain, ordered from leaf to root.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This variant is also available:

$ gcloud beta privateca certificates export