Man page - krillc(1)
Packages contains this manual
Manual
KRILLC
NAMESYNOPSIS
DESCRIPTION
GLOBAL OPTIONS
SUBCOMMANDS
SEE ALSO
Author
Copyright
NAME
krillc - Krill CLI
SYNOPSIS
krillc [ global-options ] SUBCOMMAND [ options ]
DESCRIPTION
krillc is the command line interface for the krill daemon.
GLOBAL OPTIONS
The available
global options are:
-s server, --server=server
Provides the path to a file containing basic configuration. If this option is not given, Krill will try to use /etc/krill.conf . See krill.conf (5) for more about the format of the configuration file.
-h, --help
Print some help information.
-V, --version
Print version information.
SUBCOMMANDS
|
config |
Creates a configuration file for Krill and prints it to stdout
|
user |
Generate a user authentication configuration file fragment
OPTIONS
--id=<ID>
ID (e.g.,
username, email) to generate configuration for
-a <ATTR>, --attr=<ATTR>
Attributes for the user
|
health |
Perform an authenticated health check
|
info |
Show server info
|
list |
List the current CAs
|
show |
Show details of a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
history
Show the history of a CA
commands
Show the commands sent to a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--rows=<ROWS>
Number of rows
(max 250)
--offset=<OFFSET>
Number of
results to skip
--after=<AFTER>
Show commands
issued after date/time
--before=<BEFORE>
Show commands issued before date/time
details
Show details for a command in the history of a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--key=<KEY>
The command key as shown in 'history commands'"
|
add |
Add a new CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
delete |
Delete a CA and let it withdraw its objects and request revocation. WARNING: Irreversible!
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
issues |
Show issues
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to check for issues
children
Manage children of a CA
|
add |
Add a child to a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--child=<CHILD>
The name of the
child CA you wish to control
-a <ASN>, --asn=<ASN>
The AS
resources to be included
-4 <IPV4>, --ipv4=<IPV4>
The IPv4
resources to be included
-6 <IPV6>, --ipv6=<IPV6>
The IPv6
resources to be included
-r <REQUEST>, --request=<REQUEST>
Path to the RFC 8183 Child Request XML file
|
update |
Update an existing child of a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--child=<CHILD>
The name of the
child CA you wish to control
-a <ASN>, --asn=<ASN>
The AS
resources to be included
-4 <IPV4>, --ipv4=<IPV4>
The IPv4
resources to be included
-6 <IPV6>, --ipv6=<IPV6>
The IPv6
resources to be included
-r <REQUEST>, --request=<REQUEST>
Path to the RFC 8183 Child Request XML file
|
info |
Show info for a child
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--child=<CHILD>
The name of the child CA you wish to control
|
remove |
Remove an existing child from a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--child=<CHILD>
The name of the child CA you wish to control
response
Show the RFC 8183 Parent Response XML
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--child=<CHILD>
The name of the child CA you wish to control
connections
Show connections stats for children of a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
suspend
Suspend a child CA: un-publish certificate(s) issued to child
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--child=<CHILD>
The name of the child CA you wish to control
unsuspend
Unsuspend a child CA: publish certificate(s) issued to child
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--child=<CHILD>
The name of the child CA you wish to control
parents
Manage parents for a CA
request
Show RFC 8183 Child Request XML
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
add |
Add a parent to, or update a parent of a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--parent=<PARENT>
The name of the
parent CA you wish to control
-r <RESPONSE>, --response=<RESPONSE>
Path to the RFC 8183 Child Request XML file
refresh
Refresh the parents of this CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
contact
Show contact information for a parent of a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--parent=<PARENT>
The name of the parent CA you wish to control
statuses
Show overview of all parent statuses of a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
remove |
Remove an existing parent from a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--parent=<PARENT>
The name of the parent CA you wish to control
keyroll
Perform a manual key rollover for a CA
|
init |
Initialize roll for all keys held by a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
activate
Finish roll for all keys held by a CA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
repo |
Manage the repository of a CA
request
Show RFC 8183 Publisher Request XML
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
show |
Show current repo configuration
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
status |
Show current repo status
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
configure
Configure which repository a CA uses
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
-r <RESPONSE>, --response=<RESPONSE>
Path to the RFC 8183 Publisher Response XML file
|
roas |
Manage the ROAs of a CA
|
list |
List current ROAs
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
update |
Add and remove ROAs
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--delta=<DELTA>
Path to a file
with added and removed ROAs
--add=<ADD>
One or more
ROAs to add
--remove=<REMOVE>
One or more
ROAs to remove
--dryrun=<DRYRUN>
Perform a dry
run of the update, return the BGP analysis
--try=<TRY_UPDATE>
Try to perform the update, advice for errors or invalids
|
bgp |
Show current authorizations in relation to known announcements
analyze
Show full report of ROAs vs known BGP announcements
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
suggest
Show ROA suggestions based on known BGP announcements
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
-4 <IPV4>, --ipv4=<IPV4>
Scope to these
IPv4 resources
-6 <IPV6>, --ipv6=<IPV6>
Scope to these IPv6 resources
|
bgpsec |
Manage the BGPsec router keys of a CA
|
list |
Show current BGPsec router keys
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
add |
Add a BGPsec router key
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
-a <ASN>, --asn=<ASN>
The ASN to
authorize the router key for
--csr=<CSR>
Path to the DER-encoded certificate signing request
|
remove |
Remove a BGPsec router key
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
-a <ASN>, --asn=<ASN>
The ASN of
router key to be removed
--key=<KEY>
The hex encoded key identifier of the router key
|
aspas |
Manage the ASPAs of a CA
|
list |
Show current ASPAs
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA to control
|
add |
Add or replace an ASPA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--aspa=<ASPA>
The ASPA formatted like: 65000 => 65001, 65002, 65003
|
remove |
Remove the ASPA for a customer ASN
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--customer=<CUSTOMER>
Customer ASN of the ASPA to remove
|
update |
Update an existing ASPA
OPTIONS
-c <CA>, --ca=<CA> [env: KRILL_CLI_MY_CA]
Name of the CA
to control
--customer=<CUSTOMER>
Customer ASN of
an existing ASPA
--add=<ADD>
Provider ASN to
add
--remove=<REMOVE>
Provider ASN to remove
pubserver
Manage the Publication Server
publishers
Manage the publishers of the publication server
|
list |
List all publishers
|
stale |
List all publishers which have not published in a while
OPTIONS
--seconds=<SECONDS>
Number of seconds since last publication
|
add |
Add a publisher
OPTIONS
--request=<REQUEST>
Path to the RFC
8183 Publisher Request XML file
-p <PUBLISHER>, --publisher=<PUBLISHER>
Override the publisher handle in the XML
response
Show RFC 8183 Repository Response XML
OPTIONS
-p <PUBLISHER>, --publisher=<PUBLISHER>
Name of the publisher
|
show |
Show details for a publisher
OPTIONS
-p <PUBLISHER>, --publisher=<PUBLISHER>
Name of the publisher
|
remove |
Remove a publisher
OPTIONS
-p <PUBLISHER>, --publisher=<PUBLISHER>
Name of the publisher
|
delete |
Delete specific files from the publication server
|
server |
Manage the publication server
|
init |
Initialize the publication server
OPTIONS
--rrdp=<RRDP>
The RRDP base
URI for the repository (excluding notification.xml)
--rsync=<RSYNC>
The rsync base URI for the repository
|
stats |
Show
publication server statistics
session-reset
Reset the RRDP session
|
clear |
Clear the publication server so it can re-initialized
|
bulk |
Manually trigger refresh/republish/resync for all CAs
refresh
Force all CAs
to ask their parents for updated certificates
publish
Force all CAs to create new objects if needed (in which case they will also sync)
|
sync |
Force all CAs to sync with their repo server
SEE ALSO
krill (1), krill.conf (5), krillta (1), krillup (1)
Author
NLnet Labs
Copyright
2018–2026, NLnet Labs