blob: 923c936f56bfba083b20c7ce39e523845d27c23b [file] [log] [blame]
ndnsec-cert-gen
===============
``ndnsec-cert-gen`` is a tool to issue an identity certificate.
Usage
-----
::
$ ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-N name] [-I info] [-s sign-id] [-p cert-prefix] request
Description
-----------
``ndnsec-cert-gen`` takes signing request as input and issues an identity certificate for the key in
the signing request. The signing request can be created during ``ndnsec-keygen`` and can be
re-generated with ``ndnsec-sign-req``.
By default, the default key/certificate will be used to sign the issued certificate.
``request`` could be a path to a file that contains the signing request. If ``request`` is ``-``,
then signing request will be read from standard input.
The generated certificate will be written to standard output in base64 encoding.
Options
-------
``-S timestamp``
Timestamp when the certificate becomes valid. The default value is now.
``-E timestamp``
Timestamp when the certificate expires. The default value is one year from now.
``-N name``
Name of the certificate owner.
``-I info``
Other information about the certificate owner. ``subject-info`` is a list of pairs of OID and
corresponding value. For example, "2.5.4.10 'Some Organization' 2.5.4.3 'http://home.page/'".
``-s sign-id``
Signing identity. The default key/certificate of ``sign-id`` will be used to sign the requested
certificate. If this option is not specified, the system default identity will be used.
``-p cert-prefix``
The certificate prefix, which is the part of certificate name before ``KEY`` component.
By default, the certificate prefix will be inferred from the certificate name according
to the relation between the signing identity and the subject identity. If the signing
identity is a prefix of the subject identity, ``KEY`` will be inserted after the
signingIdentity, otherwise ``KEY`` is inserted after subject identity (i.e., before
``ksk-....``).
Examples
--------
::
$ ndnsec-cert-gen -S 20140401000000 -E 20150331235959 -N "David"
-I "2.5.4.10 'Some Organization'" -s /ndn/test sign_request.cert
Bv0C9wc9CANuZG4IBHRlc3QIA0tFWQgFZGF2aWQIEWtzay0xMzk2OTEzMDU4MTk2
CAdJRC1DRVJUCAgAAAFFPp2g3hQDGAECFf0BdjCCAXIwIhgPMjAxNDA0MDEwMDAw
MDBaGA8yMDE1MDMzMTIzNTk1OVowKDAMBgNVBCkTBURhdmlkMBgGA1UEChMRU29t
ZSBPcmdhbml6YXRpb24wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC0
urnS2nKcnXnMTESH2XqO+H8c6bCE6mmv+FMQ9hSfZVOHbX4kkiDmkcAAf8NCvwGr
kEat0NQIhKHFLFtofC5rXLheAo/UxgFA/9bNwiEjMH/c8EN2YTSMzdCDrK6TwE7B
623cLTsa3Bb11+BpzC1oLb3Egedgp+vIf+AFIgNQhvfwzsgsgOBB4iJBwcYegU7w
JsO0pjY69WQU2DGjABFef6C2Qh8x0TvtnynRLbWlh928+4ilVUvLuWcV3AbPIKLe
eZu13+v01JN6kFzNZDPMFtOFPvJ943IdYu7Q9k93PzhSk0+wFp3cHH21PfWeghWe
3zLIER8RTWPIQhWSbxRVAgERFjMbAQEcLgcsCANuZG4IA0tFWQgEdGVzdAgRa3Nr
LTEzOTQxMjk2OTQ3ODgIB0lELUNFUlQX/QEABUGcl7U+F8cwMHKckerv+1H2Nvsd
OfeqX0+4RzWU+wRx2emMGMZZdHSx8M/i45hb0P5hbNEF99L35/SrSTSzhTZdOriD
t/LQOcKBoNXY+iw3EUFM0gvRGU0kaEVBKAHtbYhtoHc48QLEyrsVaMqmrjCmpeF/
JOcClhzJfFW3cZ/SlhcTEayF0ntogYLR2cMzIwQhhSj5L/Kl7I7uxNxZhK1DS98n
q8oGAxHufEAluPrRpDQfI+jeQ4h/YYKcXPW3Vn7VQAGOqIi6gTlUxrmEbyCDF70E
xj5t3wfSUmDa1N+hLRMdEAI+IjRRHDSx2Lhj/QcoPIZPWwKjBz9CBL92og==