% SPLINTER-CERT-GENERATE(1) Cargill, Incorporated | Splinter Commands


splinter-cert-generate — Generates test certificates and keys for running splinterd with TLS (in insecure mode)


| splinter cert generate [FLAGS] [OPTIONS]


Running Splinter in TLS mode requires valid X.509 certificates from a certificate authority. When developing against Splinter, you can use this command to generate development certificates and the associated keys for your development environment.

The files are generated in the location specified by --cert-dir, the SPLINTER_CERT_DIR environment variable, or in the default location /etc/splinter/certs/. Note: The default location could be different if the SPLINTER_HOME environment variable is set; see the splinterd(1) man page for more information.

The following files are created: client.crt, client.key, server.crt, server.key, rest_api.crt, rest_api.key, generated_ca.pem, and generated_ca.key.


Overwrites files if they exist. If this flag is not provided and the file exists, an error is returned.
-h, --help
Prints help information
-q, --quiet
Decreases verbosity (the opposite of -v). When specified, only errors or warnings will be output.
Checks if the files exists and generates the files that are missing. If this flag is not provided and the file exists, an error is returned.
-V, --version
Prints version information
Increases verbosity (the opposite of -q). Specify multiple times for more output.


-d, --cert-dir CERT-DIR
Specifies the path to the directory to contain the certificates and associated key files. (Default: /etc/splinter/certs/, unless SPLINTER_CERT_DIR or SPLINTER_HOME is set). This directory must exist.
--common-name COMMON-NAME
Specifies a common name for the generated server certificate. (Default: localhost.) Use this option if the splinterd URL uses a DNS address instead of a numerical IP address.


To generate test certificates and keys:

$ splinter cert generate

To create missing certificates and keys when some files already exist, add the --skip flag. The command will ignore the existing files and create any files that are missing.

$ splinter cert generate --skip

To recreate the certificates and keys from scratch, use the --force flag to overwrite all existing files.

$ splinter cert generate --force



Specifies the directory containing certificates and associated key files (see --cert-dir).


Changes the base directory path for the Splinter directories, including the certificate directory. (See the splinterd(1) man page for more information.) This value is not used if SPLINTER_CERT_DIR is set.


| splinterd(1) | | Splinter documentation: https://www.splinter.dev/docs/0.6/