pki --issue » History » Version 5

Andreas Steffen, 31.12.2009 15:18
Added --pathlen option

h1. ipsec pki --issue

h2. Synopsis

<pre>
pki --issue [--in file] [--type pub|pkcs10] --cacert file --cakey file --dn subject-dn
            [--san subjectAltName]+ [--lifetime days] [--serial hex]
            [--ca] [--pathlen len] [--crl uri]+ [--ocsp uri]+
            [--flag serverAuth|ocspSigning]+
            [--digest md5|sha1|sha224|sha256|sha384|sha512]

           --help     (-h)  show usage information
           --in       (-i)  public key/request file to issue, default: stdin
           --type     (-t)  type of input, default: pub
           --cacert   (-c)  CA certificate file
           --cakey    (-k)  CA private key file
           --dn       (-d)  distinguished name to include as subject
           --san      (-a)  subjectAltName to include in certificate
           --lifetime (-l)  days the certificate is valid, default: 1080
           --serial   (-s)  serial number in hex, default: random
           --ca       (-b)  include CA basicConstraint, default: no
           --pathlen  (-p)  set path length constraint
           --flag     (-f)  include extendedKeyUsage flag
           --crl      (-u)  CRL distribution point URI to include
           --ocsp     (-o)  OCSP AuthorityInfoAccess URI to include
           --digest   (-g)  digest for signature creation, default: sha1
           --debug    (-v)  set debug level, default: 1
           --options  (-+)  read command line options from file
</pre>

h2. Description

Issue an X.509 certificate signed with a CA's private key.

h2. Examples

* Create an options file to save repetitive typing work

<pre>
cat > pki.opt
--cacert caCert.der --cakey caKey.der --digest sha256
--flag serverAuth --lifetime 1460
--type pkcs10
</pre>

* Issue a CA-signed certificate based on a PKCS10 certificate request

<pre>
pki --issue --options pki.opt --serial 01 --in myReq.der > myCert.der
</pre>
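
The usage text lists sha1 as the default digest and makes --pathlen optional next to --ca, so an options file can weaken every certificate issued with it. The following is an added example, not part of the original page or of strongSwan: a shell check that lints an options file such as pki.opt before it is passed to pki --issue. The function name lint_pki_opts, the sample file names and the treatment of the file as plain whitespace-separated tokens (no quoting) are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of strongSwan): lint an options
# file for `pki --issue` before it is used to sign anything.
# Prints one finding per line; exit status is 1 if there were findings, else 0.
lint_pki_opts() (
    set -f                      # tokens must not be glob-expanded
    digest='' ca=no pathlen='' prev='' rc=0
    for tok in $(cat "$1"); do  # assumption: whitespace-separated tokens
        case $prev in
            --digest|-g)   digest=$tok ;;
            --pathlen|-p)  pathlen=$tok ;;
        esac
        case $tok in --ca|-b) ca=yes ;; esac
        prev=$tok
    done
    case $digest in
        '')        echo "digest: not set, pki falls back to its sha1 default"; rc=1 ;;
        md5|sha1)  echo "digest: $digest is too weak for certificate signatures"; rc=1 ;;
    esac
    if [ "$ca" = yes ] && [ -z "$pathlen" ]; then
        echo "ca: --ca without --pathlen gives a CA certificate with no path length limit"
        rc=1
    fi
    exit "$rc"
)

# Constructed sample input: the pki.opt from this page, and a weak variant.
demo_dir=$(mktemp -d)
printf '%s\n' '--cacert caCert.der --cakey caKey.der --digest sha256' \
    '--flag serverAuth --lifetime 1460' '--type pkcs10' > "$demo_dir/pki.opt"
printf '%s\n' '--cacert caCert.der --cakey caKey.der' '--ca --type pkcs10' \
    > "$demo_dir/weak.opt"

lint_pki_opts "$demo_dir/pki.opt"  && echo "pki.opt: ok"
lint_pki_opts "$demo_dir/weak.opt" || echo "weak.opt: fix before issuing"
```

Options given on the command line after --options are not seen by this check, so it covers only what the file itself sets.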