Complete the code to create a new Certificate Authority in Google Cloud.
gcloud privateca certificate-authorities create my-ca --location=[1] --pool=my-poolThe us-central1 region is commonly used for creating Certificate Authorities in Google Cloud. This command sets the location for the CA.
Complete the code to issue a new certificate from an existing Certificate Authority.
gcloud privateca certificates create my-cert --certificate-authority=my-ca --location=us-central1 --certificate-config=[1]The certificate configuration is typically provided in a JSON file. Here, config.json is the correct format for the certificate config.
Fix the error in the command to revoke a certificate by completing the missing flag.
gcloud privateca certificates revoke my-cert --certificate-authority=my-ca --location=us-central1 [1]=KEY_COMPROMISEThe --reason flag specifies why the certificate is revoked. KEY_COMPROMISE is a valid reason.
Fill both blanks to create a certificate revocation list (CRL) and specify its maximum size.
gcloud privateca crl-pools create my-crl-pool --location=us-central1 --max-entries=[1] --description=[2]
The --max-entries flag sets the maximum number of entries in the CRL. 1000 is a common limit. The --description flag provides a description, here "CRL for revoked certificates".
Fill all three blanks to define a certificate template with a specific key algorithm, key usage, and lifetime.
gcloud privateca templates create my-template --location=us-central1 --key-algorithm=[1] --key-usage=[2] --lifetime=[3]
The --key-algorithm is set to ECDSA_P256 for a secure elliptic curve key. The --key-usage is digital_signature to allow signing. The --lifetime is 8760h, which equals one year.