Generate

tranzia tls cert generate

Generate a new TLS certificate

Synopsis

Generate a new TLS certificate using customizable options like key type, SANs, validity, and CA signing through Tranzia.

tranzia tls cert generate [flags]

Examples

# Generate a 4096-bit RSA certificate valid for 1 year
tranzia tls cert generate --key-type rsa --bits 4096 --subject "/CN=example.com/L=San Francisco/O=TranziaNet/C=US"

# Generate ECDSA certificate with subject
tranzia tls cert generate --key-type ecdsa --bits 384 --subject "/CN=internal.service/O=TranziaNet/C=US"

# Generate ed25519 certificate
tranzia tls cert generate --key-type ed25519 --subject "/CN=localhost/O=TranziaNet/C=US"

Options

  -b, --bits int                 Key size in bits (RSA: 2048/3072/4096, ECDSA: 256/384/521). Ignored for ed25519. (default 2048)
      --cert-out string          Path to save the generated certificate file
  -h, --help                     help for generate
      --is-ca                    Mark certificate as a CA (Certificate Authority)
      --key-type string          Type of private key to generate [rsa | ecdsa | ed25519] (default "rsa")
      --private-key-out string   Path to save the generated private key file
      --public-key-out string    Path to save the generated public key file
      --subject string           Subject in X.509 DN format, e.g., '/CN=example.com/L=City/O=Org/C=US'
      --usage string             Certificate usage (e.g., server auth, client auth)
      --validity int             Validity period of the certificate in days (default 365)

SEE ALSO

• tranzia tls cert - Manage certificates

Auto generated by spf13/cobra on 20-Jul-2025