pki --signcrl » History » Version 3
Tobias Brunner, 14.08.2013 17:27
h1. ipsec pki --signcrl

h2. Synopsis

<pre>
pki --signcrl --cacert file --cakey file|--cakeyid hex [--lifetime days]
              [[--reason key-compromise|ca-compromise|affiliation-changed|
                         superseded|cessation-of-operation|certificate-hold]
               [--date timestamp] --cert file|--serial hex]*
              [--digest md5|sha1|sha224|sha256|sha384|sha512]
              [--outform der|pem]

    --help     (-h)  show usage information
    --cacert   (-c)  CA certificate file
    --cakey    (-k)  CA private key file
    --cakeyid  (-x)  keyid on smartcard of CA private key
    --lifetime (-l)  days the CRL gets a nextUpdate, default: 15
    --lastcrl  (-a)  CRL of lastUpdate to copy revocations from
    --basecrl  (-b)  base CRL to create a delta CRL for
    --crluri   (-u)  freshest delta CRL URI to include
    --cert     (-z)  certificate file to revoke
    --serial   (-s)  hex encoded certificate serial number to revoke
    --reason   (-r)  reason for certificate revocation
    --date     (-d)  revocation date as unix timestamp, default: now
    --digest   (-g)  digest for signature creation, default: sha1
    --outform  (-f)  encoding of generated crl, default: der
    --debug    (-v)  set debug level, default: 1
    --options  (-+)  read command line options from file
</pre>

h2. Description

Create a certificate revocation list.

h2. Examples

* Revoke a certificate:

<pre>
ipsec pki --signcrl --cacert caCert.der --cakey caKey.der --reason superseded --cert peerCert.der > crl.der
</pre>

* Update an existing CRL with two new revocations, using the certificates' serial numbers, but no reason:

<pre>
ipsec pki --signcrl --cacert caCert.der --cakey caKey.der --lastcrl crl1.der --serial 0123 --serial 0345 > crl2.der
</pre>
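
The synopsis groups @--reason@ and @--date@ in front of the @--cert@ or @--serial@ they belong to, and the signature digest defaults to sha1. The script below is an added example, not part of the original wiki page or of strongSwan: it validates a revocation table, emits the options in that order with @--digest sha256@, and prints the command for review instead of running it. The function names, the table format and the timestamp are assumptions made for this example; the file names and serials are those used in the examples above.

```shell
#!/bin/sh
# Added example (not strongSwan code): build a `pki --signcrl` command line
# from a revocation table and reject bad entries before the CA key is used.
# Table lines (assumed format): "<serial-hex> [reason] [unix-date]", "-" = unset.

REASONS="key-compromise ca-compromise affiliation-changed superseded cessation-of-operation certificate-hold"

# Print the per-certificate options for one table line, or fail with status 1.
revocation_args() {
    serial=$1 reason=${2:--} date=${3:--}
    case $serial in
        ''|*[!0-9a-fA-F]*) echo "bad serial: $serial" >&2; return 1 ;;
    esac
    out=""
    if [ "$reason" != "-" ]; then
        case " $REASONS " in
            *" $reason "*) out="--reason $reason " ;;
            *) echo "bad reason: $reason" >&2; return 1 ;;
        esac
    fi
    if [ "$date" != "-" ]; then
        case $date in
            *[!0-9]*) echo "bad date: $date" >&2; return 1 ;;
        esac
        out="$out--date $date "
    fi
    # Per the synopsis, --reason and --date precede the --serial they apply to.
    printf '%s--serial %s' "$out" "$serial"
}

# Read the table on stdin and print the complete command line for review.
signcrl_cmd() {
    cmd="ipsec pki --signcrl --cacert caCert.der --cakey caKey.der"
    cmd="$cmd --lastcrl crl1.der --digest sha256"
    while read -r serial reason date; do
        [ -n "$serial" ] || continue
        args=$(revocation_args "$serial" "$reason" "$date") || return 1
        cmd="$cmd $args"
    done
    printf '%s\n' "$cmd"
}

# Constructed sample table: serials from the page's example, timestamp made up.
SAMPLE='0123 key-compromise 1376400000
0345 - -'
printf '%s\n' "$SAMPLE" | signcrl_cmd
```

Once the printed command has been reviewed, run it with the output redirected to the new CRL file, as in the examples above.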