HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/396/help/man/man1/
Upload Files
File: //snap/google-cloud-cli/396/help/man/man1/gcloud_privateca_pools_create.1
.TH "GCLOUD_PRIVATECA_POOLS_CREATE" 1



.SH "NAME"
.HP
gcloud privateca pools create \- create a new CA Pool



.SH "SYNOPSIS"
.HP
\f5gcloud privateca pools create\fR (\fICA_POOL\fR\ :\ \fB\-\-location\fR=\fILOCATION\fR) [\fB\-\-issuance\-policy\fR=\fIISSUANCE_POLICY\fR] [\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]] [\fB\-\-no\-publish\-ca\-cert\fR] [\fB\-\-no\-publish\-crl\fR] [\fB\-\-publishing\-encoding\-format\fR=\fIPUBLISHING_ENCODING_FORMAT\fR;\ default="pem"] [\fB\-\-tier\fR=\fITIER\fR;\ default="enterprise"] [\fIGCLOUD_WIDE_FLAG\ ...\fR]



.SH "EXAMPLES"

To create a CA pool in the dev ops tier:

.RS 2m
$ gcloud privateca pools create my\-pool \-\-location=us\-west1 \e
  \-\-tier=devops
.RE

To create a CA pool and restrict what it can issue:

.RS 2m
$ gcloud privateca pools create my\-pool \-\-location=us\-west1 \e
  \-\-issuance\-policy=policy.yaml
.RE

To create a CA pool that doesn't publicly publish CA certificates and CRLs:

.RS 2m
$ gcloud privateca pools create my\-pool \-\-location=us\-west1 \e
  \-\-issuance\-policy=policy.yaml \-\-no\-publish\-ca\-cert \e
  \-\-no\-publish\-crl
.RE



.SH "POSITIONAL ARGUMENTS"

.RS 2m
.TP 2m

CA POOL resource \- The ca pool to create. The arguments in this group can be
used to specify the attributes of this resource. (NOTE) Some attributes are not
given arguments in this group but can be set in other ways.

To set the \f5project\fR attribute:
.RS 2m
.IP "\(em" 2m
provide the argument \f5CA_POOL\fR on the command line with a fully specified
name;
.IP "\(em" 2m
provide the argument \f5\-\-project\fR on the command line;
.IP "\(em" 2m
set the property \f5core/project\fR.
.RE
.sp

This must be specified.


.RS 2m
.TP 2m
\fICA_POOL\fR

ID of the CA_POOL or fully qualified identifier for the CA_POOL.

To set the \f5pool\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5CA_POOL\fR on the command line.
.RE
.sp

This positional argument must be specified if any of the other arguments in this
group are specified.

.TP 2m
\fB\-\-location\fR=\fILOCATION\fR

The location of the CA_POOL.

To set the \f5location\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5CA_POOL\fR on the command line with a fully specified
name;
.IP "\(bu" 2m
provide the argument \f5\-\-location\fR on the command line;
.IP "\(bu" 2m
set the property \f5privateca/location\fR.
.RE
.sp


.RE
.RE
.sp

.SH "FLAGS"

.RS 2m
.TP 2m
\fB\-\-issuance\-policy\fR=\fIISSUANCE_POLICY\fR

A YAML file describing this CA Pool's issuance policy.

.TP 2m
\fB\-\-labels\fR=[\fIKEY\fR=\fIVALUE\fR,...]

List of label KEY=VALUE pairs to add.

Keys must start with a lowercase character and contain only hyphens (\f5\-\fR),
underscores (\f5_\fR), lowercase characters, and numbers. Values must contain
only hyphens (\f5\-\fR), underscores (\f5_\fR), lowercase characters, and
numbers.

.TP 2m
\fB\-\-publish\-ca\-cert\fR

If this is enabled, the following will happen: 1) The CA certificates will be
written to a known location within the CA distribution point. 2) The AIA
extension in all issued certificates will point to the CA cert URL in that
distribition point.

Note that the same bucket may be used for the CRLs if \-\-publish\-crl is set.

Enabled by default, use \fB\-\-no\-publish\-ca\-cert\fR to disable.

.TP 2m
\fB\-\-publish\-crl\fR

If this gets enabled, the following will happen: 1) CRLs will be written to a
known location within the CA distribution point. 2) The CDP extension in all
future issued certificates will point to the CRL URL in that distribution point.

Note that the same bucket may be used for the CA cert if \-\-publish\-ca\-cert
is set.

CRL publication is not supported for CAs in the DevOps tier.

Enabled by default, use \fB\-\-no\-publish\-crl\fR to disable.

.TP 2m
\fB\-\-publishing\-encoding\-format\fR=\fIPUBLISHING_ENCODING_FORMAT\fR; default="pem"

The encoding format of the content published to storage buckets.
\fIPUBLISHING_ENCODING_FORMAT\fR must be one of: \fBder\fR, \fBpem\fR.

.TP 2m
\fB\-\-tier\fR=\fITIER\fR; default="enterprise"

The tier for the Certificate Authority. \fITIER\fR must be one of: \fBdevops\fR,
\fBenterprise\fR.


.RE
.sp

.SH "GCLOUD WIDE FLAGS"

These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.

Run \fB$ gcloud help\fR for details.
@ Telegram