Update operations

The horizon client can perform update operations on certificates using the update-cert command. This will modify the information associated with the certificate on Horizon.

This command can either be used to update a certificate present on your machine or to update certificates on Horizon using an account with sufficient permission.

To update a local certificate, the 'Update (pop)' common configuration permission must be enabled on the profile the certificate is linked to.

General Parameters

--confirm

The command asks for confirmation after the changes are computed. Use this flag to disable this behavior and proceed directly. (Optional)

--prompt

Use this flag to be prompted for edition of all the certificate fields. In this mode, using enter on an existing value means the value is not changed. (Optional)

Update Parameters

An update concerns only metadata fields, that is fields added by Horizon.

--owner

Set the owner of the certificate. An empty string means deletion of this information. (Optional)

--team

Set the team of the certificate. An empty string means deletion of this information. (Optional)

--contact-email

Set the contact email of the certificate. An empty string means deletion of this information. (Optional)

--labels

Set the labels of the certificate. An empty string means deletion of this information. (Optional)

--metadata

Set the technical metadata of the certificate. To use with caution. An empty string means deletion of this information. (Optional)

Certificate selection parameters

Local certificate

The update is only possible on local certificates for which you possess the key:

--cert

Path to the certificate to update (PEM file, PKCS#12 file, JKS file) or cert thumbprint for Windows certificate store entries. (Optional)

--key

Path to the private key of the certificate to update if it is not included in the certificate file. (Optional)

--pfx-pwd

Password for the PKCS#12 file to update. (Optional)

--jks-pwd

Password for the JKS file to update. (Optional)

--jks-alias

Alias for the JKS file to update. (Optional)

--jks-alias-pwd

Alias password for the JKS file to update. (Optional)

Certificate on Horizon server

An account must be configured on the client using horizon-cli install and it must have update permissions on the certificate

--id

Id of the certificate to update (Optional)

Examples

You will find below a few examples detailing how to use the client to update certificates in various contexts

Updating the owner of a certificate

horizon-cli update-cert --cert=/path/to/cert --key=/path/to/key --owner=newowner

Removing the team from a certificate stored in JKS file

horizon-cli update-cert --cert=/path/to/cert.jks --jks-pwd=<jks_password> --team=""

Updating labels and metadata of a certificate stored in windows certificate store

horizon-cli update-cert --cert=<certificate_thumbprint> --labels="label1:value1,label2:value2" --metadata="metadata1:value1,metadata2:value2"

Updating contact email of a certificate referenced on Horizon

horizon-cli update-cert --id=<certificate_id> --contact-email="[email protected]"