# certdb usage

Using a database enables additional functionality for existing commands when a
db config is provided:

 - `sign` and `gencert` add a certificate to the certdb after signing it
 - `serve` enables database functionality for the sign and revoke endpoints

A database is required for the following:

 - `revoke` marks certificates revoked in the database with an optional reason
 - `ocsprefresh` refreshes the table of cached OCSP responses
 - `ocspdump` outputs cached OCSP responses in a concatenated base64-encoded format

## Setup/Migration

This directory stores goose db migration scripts for various DB backends.
Currently supported:

 - SQLite in `sqlite`
 - PostgreSQL in `pg`

### Get goose

    go get

### Use goose to start and terminate a SQLite DB
To start a SQLite DB using goose:

    goose -path $GOPATH/src/ up

To tear down a SQLite DB using goose:

    goose -path $GOPATH/src/ down

### Use goose to start and terminate a PostgreSQL DB
To start a PostgreSQL DB using goose:

    goose -path $GOPATH/src/ up

To tear down a PostgreSQL DB using goose:

    goose -path $GOPATH/src/ down

Note: administration of the PostgreSQL DB is not included. We assume
the databases being connected to are already created and that access control
is properly handled.

## CFSSL Configuration

Several cfssl commands take a `-db-config` flag. Create a file with a
JSON dictionary:




