Man page - krillc(1)
Packages contas this manual
Manual
| KRILLC(1) | Krill | KRILLC(1) |
NAME
krillc - Krill CLI
SYNOPSIS
krillc [global-options] SUBCOMMAND [options]
DESCRIPTION
krillc is the command line interface for the krill daemon.
GLOBAL OPTIONS
The available global options are:
- -s server, --server=server
- Provides the path to a file containing basic configuration. If this option is not given, Krill will try to use /etc/krill.conf. See krill.conf(5) for more about the format of the configuration file.
- -h, --help
- Print some help information.
- -V, --version
- Print version information.
SUBCOMMANDS
Creates a configuration file for Krill and prints it to stdout
Generate a user authentication configuration file fragment
OPTIONS
ID (e.g., username, email) to generate configuration for
Attributes for the user
Perform an authenticated health check
Show server info
List the current CAs
Show details of a CA
OPTIONS
Show the history of a CA
Show the commands sent to a CA
OPTIONS
Name of the CA to control
Number of rows (max 250)
Number of results to skip
Show commands issued after date/time
Show commands issued before date/time
Show details for a command in the history of a CA
OPTIONS
Name of the CA to control
The command key as shown in 'history commands'"
Add a new CA
OPTIONS
Delete a CA and let it withdraw its objects and request revocation. WARNING: Irreversible!
OPTIONS
Show issues
OPTIONS
Manage children of a CA
Add a child to a CA
OPTIONS
Name of the CA to control
The name of the child CA you wish to control
The AS resources to be included
- -4 <IPV4>, --ipv4=<IPV4>
The IPv4 resources to be included
- -6 <IPV6>, --ipv6=<IPV6>
The IPv6 resources to be included
Path to the RFC 8183 Child Request XML file
Update an existing child of a CA
OPTIONS
Name of the CA to control
The name of the child CA you wish to control
The AS resources to be included
- -4 <IPV4>, --ipv4=<IPV4>
The IPv4 resources to be included
- -6 <IPV6>, --ipv6=<IPV6>
The IPv6 resources to be included
Path to the RFC 8183 Child Request XML file
Show info for a child
OPTIONS
Name of the CA to control
The name of the child CA you wish to control
Remove an existing child from a CA
OPTIONS
Name of the CA to control
The name of the child CA you wish to control
Show the RFC 8183 Parent Response XML
OPTIONS
Name of the CA to control
The name of the child CA you wish to control
Show connections stats for children of a CA
OPTIONS
Suspend a child CA: un-publish certificate(s) issued to child
OPTIONS
Name of the CA to control
The name of the child CA you wish to control
Unsuspend a child CA: publish certificate(s) issued to child
OPTIONS
Name of the CA to control
The name of the child CA you wish to control
Manage parents for a CA
Show RFC 8183 Child Request XML
OPTIONS
Add a parent to, or update a parent of a CA
OPTIONS
Name of the CA to control
The name of the parent CA you wish to control
Path to the RFC 8183 Child Request XML file
Refresh the parents of this CA
OPTIONS
Show contact information for a parent of a CA
OPTIONS
Name of the CA to control
The name of the parent CA you wish to control
Show overview of all parent statuses of a CA
OPTIONS
Remove an existing parent from a CA
OPTIONS
Name of the CA to control
The name of the parent CA you wish to control
Perform a manual key rollover for a CA
Initialize roll for all keys held by a CA
OPTIONS
Finish roll for all keys held by a CA
OPTIONS
Manage the repository of a CA
Show RFC 8183 Publisher Request XML
OPTIONS
Show current repo configuration
OPTIONS
Show current repo status
OPTIONS
Configure which repository a CA uses
OPTIONS
Name of the CA to control
Path to the RFC 8183 Publisher Response XML file
Manage the ROAs of a CA
List current ROAs
OPTIONS
Add and remove ROAs
OPTIONS
Name of the CA to control
Path to a file with added and removed ROAs
One or more ROAs to add
One or more ROAs to remove
Perform a dry run of the update, return the BGP analysis
Try to perform the update, advice for errors or invalids
Show current authorizations in relation to known announcements
Show full report of ROAs vs known BGP announcements
OPTIONS
Show ROA suggestions based on known BGP announcements
OPTIONS
Name of the CA to control
- -4 <IPV4>, --ipv4=<IPV4>
Scope to these IPv4 resources
- -6 <IPV6>, --ipv6=<IPV6>
Scope to these IPv6 resources
Manage the BGPsec router keys of a CA
Show current BGPsec router keys
OPTIONS
Add a BGPsec router key
OPTIONS
Name of the CA to control
The ASN to authorize the router key for
Path to the DER-encoded certificate signing request
Remove a BGPsec router key
OPTIONS
Name of the CA to control
The ASN of router key to be removed
The hex encoded key identifier of the router key
Manage the ASPAs of a CA
Show current ASPAs
OPTIONS
Add or replace an ASPA
OPTIONS
Name of the CA to control
The ASPA formatted like: 65000 => 65001, 65002, 65003
Remove the ASPA for a customer ASN
OPTIONS
Name of the CA to control
Customer ASN of the ASPA to remove
Update an existing ASPA
OPTIONS
Name of the CA to control
Customer ASN of an existing ASPA
Provider ASN to add
Provider ASN to remove
Manage the Publication Server
Manage the publishers of the publication server
List all publishers
List all publishers which have not published in a while
OPTIONS
Add a publisher
OPTIONS
Path to the RFC 8183 Publisher Request XML file
Override the publisher handle in the XML
Show RFC 8183 Repository Response XML
OPTIONS
Show details for a publisher
OPTIONS
Remove a publisher
OPTIONS
Delete specific files from the publication server
Manage the publication server
Initialize the publication server
OPTIONS
The RRDP base URI for the repository (excluding notification.xml)
The rsync base URI for the repository
Show publication server statistics
Reset the RRDP session
Clear the publication server so it can re-initialized
Manually trigger refresh/republish/resync for all CAs
Force all CAs to ask their parents for updated certificates
Force all CAs to create new objects if needed (in which case they will also sync)
Force all CAs to sync with their repo server
SEE ALSO
krill(1), krill.conf(5), krillta(1), krillup(1)
Author
NLnet Labs
Copyright
2018–2026, NLnet Labs
| March 3, 2026 | 0.16.0 |