| ndnsec-cert-gen |
| =============== |
| |
| Synopsis |
| -------- |
| |
| **ndnsec cert-gen** [**-h**] [**-S** *timestamp*] [**-E** *timestamp*] |
| [**-I** *info*]... [**-s** *signer*] [**-i** *issuer*] *file* |
| |
| Description |
| ----------- |
| |
| This command takes a signing request as input and issues an identity certificate for |
| the key contained in the signing request. |
| A signing request is generated automatically by :program:`ndnsec-key-gen` for any new |
| key, or it can be manually created for an existing key with :program:`ndnsec-sign-req`. |
| |
| Unless specified otherwise, the default key is used to sign the issued certificate. |
| |
| *file* is the name of a file that contains the signing request. |
| If *file* is "-", the signing request is read from the standard input. |
| |
| The generated certificate is written to the standard output in Base64 encoding. |
| |
| Options |
| ------- |
| |
| .. option:: -S <timestamp>, --not-before <timestamp> |
| |
| Date and time when the certificate becomes valid, in "YYYYMMDDhhmmss" format. |
| The default value is now. |
| |
| .. option:: -E <timestamp>, --not-after <timestamp> |
| |
| Date and time when the certificate expires, in "YYYYMMDDhhmmss" format. |
| The default value is 365 days after the :option:`--not-before` timestamp. |
| |
| .. option:: -I <info>, --info <info> |
| |
| Other information to be included in the issued certificate. Must be in the |
| form of key and value pairs, where the key is an arbitrary string without |
| spaces, followed by one or more spaces, followed by an arbitrary string |
| representing the value. This option may be repeated multiple times. |
| |
| For example:: |
| |
| -I "affiliation Some Organization" -I "homepage https://home.page/" |
| |
| .. option:: -s <signer>, --sign-id <signer> |
| |
| Signing identity. The default key/certificate of *signer* will be used to |
| sign the requested certificate. If this option is not specified, the system |
| default identity will be used. |
| |
| .. option:: -i <issuer>, --issuer-id <issuer> |
| |
| Issuer's ID to be included in the issued certificate name. The default |
| value is "NA". |
| |
| Examples |
| -------- |
| |
| :: |
| |
| $ ndnsec cert-gen -S 20200501000000 -E 20210101000000 -I "affiliation Some Organization" -I "foobar Foo Bar" -i "Universe" -s /ndn/test request.cert > signed.cert |
| |
| $ cat signed.cert |
| Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR |
| Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv |
| E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu |
| MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A |
| /Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk |
| /QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i |
| YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC |
| ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU= |
| |
| $ ndnsec cert-dump -p -f signed.cert |
| Certificate Name: |
| /example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82 |
| Additional Description: |
| affiliation: Some Organization |
| foobar: Foo Bar |
| Public Key: |
| Key Type: 256-bit EC |
| MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOkmwKS8TlEyPFFV3IrpbrP4WgKr6 |
| pEQSf+zF/6faCeyXbmqbU1qsJ9IZ/3rMgnL0FED1u24wx65aUA3/Ka8wXA== |
| Validity: |
| Not Before: 2020-05-01T00:00:00 |
| Not After: 2021-01-01T00:00:00 |
| Signature Information: |
| Signature Type: SignatureSha256WithEcdsa |
| Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95 |
| |
| See Also |
| -------- |
| |
| :manpage:`ndnsec-cert-dump(1)`, |
| :manpage:`ndnsec-cert-install(1)`, |
| :manpage:`ndnsec-key-gen(1)`, |
| :manpage:`ndnsec-sign-req(1)` |