Command cert
The command cert (alias: certificate) lets you manage ROOT certificates used by fluxzy.
Options
Description:
Manage root certificates used by the fluxzy
Usage:
fluxzy cert [command] [options]
Options:
-?, -h, --help Show help and usage information
Commands:
export <output-file> Export the default embedded certificate used by fluxzy
check <cert-file> Check if the provided certificate (or embedded if omit) is trusted
install <cert-file> Trust a certificate as ROOT (need elevation)
uninstall <cert-thumbprint> Remove a certificate from Root CA authority store
list List all root certificates
create <filePath> <common-name> Create a self-signed root CA certificate in PKCS#12 format
default <pkcs12-certificate> Get or set the default root CA for the current user
Export the default ROOT CA
The command cert export allows you to export the default embedded ROOT CA of fluxzy.
fluxzy cert export my-root-ca.cer
Check if a certificate is trusted
The command cert check verifies if a certificate is trusted in the current system store. If no certificate file is provided, it checks the embedded certificate.
# Check if the embedded certificate is trusted
fluxzy cert check
# Check a specific certificate file
fluxzy cert check /path/to/cert.cer
List all ROOT certificates
The command cert list displays all root certificates in the system store.
fluxzy cert list
Create a new ROOT CA
The command cert create allows you to create a new self-signed ROOT CA certificate in PKCS#12 format.
fluxzy cert create mycert.p12 "MYCN"
The command above will create a 2048 bits RSA certificate with CN=MYCN. Additional options are available:
| Option | Description |
|---|---|
-v, --validity <days> |
Validity of the certificate in days (default: 3650) |
-k, --key-size <size> |
Key size, multiple of 1024, max 16384 (default: 2048) |
-p, --password <password> |
Password for the created P12 file |
--O, --o <value> |
Organization name |
--OU, --ou <value> |
Organization unit name |
--L, --l <value> |
Locality name |
--ST, --st <value> |
State or province name |
--C, --c <value> |
Country name |
Example with full subject information:
fluxzy cert create mycert.p12 "My Root CA" \
--O "My Company" \
--OU "IT Department" \
--L "Paris" \
--ST "Ile-de-France" \
--C "FR" \
--validity 365 \
--password "secretpass"
Install a ROOT CA to the system store
The command cert install adds a ROOT CA to the default certificate store of the running OS. This command requires administrator/root privileges.
fluxzy cert install mycert.crt
- On Linux and macOS, run the CLI with
sudocommand. - This updates only the default system certificate store. Application-specific stores (like Firefox or curl on some systems) may need separate configuration.
Remove a ROOT CA from the system store
The command cert uninstall removes a certificate from the Root CA authority store by its thumbprint.
fluxzy cert uninstall <certificate-thumbprint>
Use fluxzy cert list to find the thumbprint of the certificate you want to remove.
Define a ROOT CA at user level
You can define a ROOT CA at user level by using the command cert default. The defined root certificate will be implicitly used by all fluxzy applications (CLI, Fluxzy.Core and Desktop).
# Create a new ROOT CA
fluxzy cert create MyCustomCa.p12 MyCN
# Define the ROOT CA at user level
fluxzy cert default MyCustomCa.p12
If the provided PKCS12 file is password protected, Fluxzy will expect to read the password from the environment variable FLUXZY_ROOT_CERTIFICATE_PASSWORD.
The PKCS12 file will be stored on %appdata%/.fluxzy/rootca.pfx on Windows and ~/.fluxzy/rootca.pfx on Linux and macOS.
The environment variable FLUXZY_ROOT_CERTIFICATE can be used to override the default root CA setting.