From 9d9043543793c43a472b3a074ae0783fa32cf3e0 Mon Sep 17 00:00:00 2001 From: Hayden B Date: Thu, 21 Mar 2024 10:20:08 -0700 Subject: [PATCH] =?UTF-8?q?Revert=20"document=20`--ca-roots`=20and=20`--ca?= =?UTF-8?q?-intermediates`=20=20flags=20for=20'cosign=20ver=E2=80=A6"=20(#?= =?UTF-8?q?298)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 64b258ff4492888355c8c25a860ddc55fa782d67. Signed-off-by: Hayden Blauzvern --- content/en/verifying/verify.md | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/content/en/verifying/verify.md b/content/en/verifying/verify.md index 442d3f83..ff0ba9a6 100644 --- a/content/en/verifying/verify.md +++ b/content/en/verifying/verify.md 
@@ -80,22 +80,12 @@ $ cosign verify --certificate cosign.crt --certificate-chain chain.crt user/demo ``` ## Verify image with user-provided trusted chain -Verify image with the provided certificate chain(s) and identity parameters (intended for -"bring your own PKI" use cases). -* with a single certificate chain file - which may contain one or several intermediate -certificates followed by the root CA certificate - use the `--certificate-chain` parameter: +Verify image with the provided certificate chain and identity parameters (intended for +a "bring your own PKI" use case): + ```shell $ cosign verify --certificate-chain chain.crt --certificate-oidc-issuer https://issuer.example.com --certificate-identity foo@example.com user/demo ``` -* with a certificate bundle PEM file containing several CA roots and (optionally) -intermediate certificates, use the `--ca-roots` parameter together with `--ca-intermediates`: -```shell -$ cosign verify --ca-roots ca-roots.pem --ca-intermediates ca-intermediates \ - --certificate-oidc-issuer https://issuer.example.com \ - --certificate-identity foo@example.com user/demo -``` - -The `--ca-roots` and `--ca-intermediates` flags are mutually exclusive with `--certificate-chain`. ## Verify an image on the transparency log
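Review bot: In the "Verify image with user-provided trusted chain" section, the revert removes more than the `--ca-roots` / `--ca-intermediates` material. It also drops the only description of what the `--certificate-chain` file contains ("one or several intermediate certificates followed by the root CA certificate"). The restored sentence says only "the provided certificate chain", so a reader bringing their own PKI is no longer told the expected contents or ordering of `chain.crt`. If that description is still accurate for `--certificate-chain`, consider keeping that clause in the restored paragraph. Separately, the commit message says only "This reverts commit 64b258ff…" and gives no reason. A line saying why the two flags are being undocumented would tell readers of the history whether this text is expected to come back.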