Authentication
For tenant it is important to send manifest to the right provider as well as for provider to ensure only owners can access their deployments. Thus each account must create certificate prior deploying workload or starting the provider.
Note In this guide --from is referring to the key main which has been previously created with akash key add. Consider changing to the name of yours.
1
- name: main
2
type: local
3
address: akash1gp3scyd8aye3z8szf3mpqzgsg4csyplcqehxus
4
pubkey: akashpub1addwnpepq0np6xltudgnau39046qtty3k46gzd482884hqcfxvzpyf2ttnr8ue3hc55
5
mnemonic: ""
6
threshold: 0
7
pubkeys: []
Copied!

Manage certificates

By default certificate is valid for 365 days from the moment of issuing

Create

Client (aka tenant) certificate

1
akash tx cert create client --from=main
Copied!

Provider certificate

It is important for provider to list same domain(s) as hostURI in provider attributes For example if HostURI: https://example.com the example.com must be listed as one of the domains in the certificate
1
#akash tx cert create server [list of domains provider is serving on] --from=main
2
akash tx cert create server example.com example1.com --from=main
Copied!
Locally certificates and it's respective private key are stored in single file in akash home directory. The name of the file is stated as <address>.pem. For example certificate created with key main the file will be named as akash1gp3scyd8aye3z8szf3mpqzgsg4csyplcqehxus.pem
If file already exists user will be prompted to check if certificate already present on chain:
  • certificate is not on chain: user is prompted whether to commit or to leave as is
  • certificate is on chain: user prompted to revoke it or leave as is
To create certificate without being prompted use --rie flag (revoke if exists)

Custom expiration dates

Use following flags to set custom period of validity
  • naf: valid not after. value either number of days with d suffix 364d or RFC3339 formatted timestamp
  • nbf: valid not before. value must be RFC3339 formatted timestamp
Note flags above are valid for both client and server certificates
example1
certificate valid for 180days after issuing
1
akash tx cert create client --from=main --naf=180d
Copied!
example2
certificate valid for 180days after date of start
1
akash tx cert create client --from=main --naf="2022-03-19T18:35:03-04:00" --naf=180d
Copied!
example3
certificate valid for 365days after date of start
1
akash tx cert create client --from=main --naf="2022-03-19T18:35:03-04:00"
Copied!

Revoke

1
akash tx cert revoke --from=main
Copied!
1
akash tx cert revoke --from=main --serial=<serial #>
Copied!

Query

To query certificates for particular account
1
akash query cert list --owner="$(akash keys show main -a)"
Copied!
To filter by state
1
akash query cert list --owner="$(akash keys show main -a)" --state=valid
2
akash query cert list --owner="$(akash keys show main -a)" --state=revoked
Copied!
Last modified 5mo ago