Actions20
- Configuration Actions
- System Actions
- Image Actions
- Generate Actions
- Config File Actions
Overview
This node interacts with a VyOS router via its HTTP API, specifically focusing on generating cryptographic keys and certificates under the "Generate" resource. The "Custom Generate" operation allows users to specify a custom generation path as a space-separated string, enabling flexible creation of various cryptographic materials such as self-signed certificates, Diffie-Hellman parameters, or SSH key pairs.
Common scenarios include:
- Generating self-signed SSL/TLS certificates for internal services.
- Creating SSH key pairs for secure access management.
- Producing Diffie-Hellman parameters for enhanced cryptographic security.
- Custom cryptographic generation commands supported by VyOS.
Practical example:
- To generate a self-signed certificate named "mycert", a user might set the generate path to
"pki certificate self-signed mycert"and provide additional fields like subject and validity days. - To create an SSH key pair, the generate path could be
"ssh-keygen"with options specifying key type and size.
Properties
| Name | Meaning |
|---|---|
| Generate Path | Custom generation path as a space-separated string defining the cryptographic generation command. Examples: "pki certificate self-signed mycert", "pki dh 2048". This is required. |
| Additional Fields | A collection of optional parameters to customize the generation process: |
| - Key Size | Size of the key in bits. Options: 1024, 2048 (default), 4096. Applicable for SSH key pairs, certificate authorities, and certificates. |
| - Key Type | Type of SSH key to generate. Options: RSA (default), DSA, ECDSA, Ed25519. Applicable only for SSH key pairs. |
| - Subject | Certificate subject distinguished name string, e.g., "CN=example.com,O=My Organization,C=US". Used for certificates and certificate authorities. |
| - Validity Days | Number of days the certificate is valid. Default is 365. Applies to certificates and certificate authorities. |
| - Format Output | Boolean flag indicating whether to format the output for better readability. Defaults to true. |
Output
The node outputs JSON data representing the result of the cryptographic generation command executed on the VyOS router. This typically includes generated keys, certificates, or parameters in textual form. If the output contains binary data (e.g., private keys or certificates), it will be included in the JSON structure accordingly, but the exact structure depends on the VyOS API response.
Dependencies
- Requires access to a VyOS router configured to accept HTTP API requests.
- An API authentication token or credential must be provided to authenticate with the VyOS API.
- The node expects the base URL and SSL validation settings to be configured via credentials.
- No other external dependencies are indicated.
Troubleshooting
- Invalid Generate Path: If the custom generate path is malformed or unsupported by VyOS, the API may return an error. Ensure the path matches VyOS CLI syntax for key/certificate generation.
- Authentication Errors: Failure to authenticate with the VyOS API will prevent execution. Verify that the API credentials are correct and have sufficient permissions.
- Missing Required Fields: The generate path is mandatory; omitting it will cause errors.
- Unsupported Key Types or Sizes: Using unsupported key types or sizes may cause generation failure. Refer to VyOS documentation for supported options.
- SSL Issues: If SSL certificate validation fails, consider enabling the option to ignore SSL issues in credentials or ensure proper SSL setup on the VyOS device.