Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 1 | ndnsec-cert-gen |
| 2 | =============== |
| 3 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 4 | Synopsis |
| 5 | -------- |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 6 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 7 | **ndnsec-cert-gen** [**-h**] [**-S** *timestamp*] [**-E** *timestamp*] |
| 8 | [**-I** *info*]... [**-s** *signer*] [**-i** *issuer*] *file* |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 9 | |
| 10 | Description |
| 11 | ----------- |
| 12 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 13 | :program:`ndnsec-cert-gen` takes a signing request as input and issues an |
| 14 | identity certificate for the key in the signing request. The signing request |
| 15 | can be created with :program:`ndnsec-key-gen` and can be re-generated with |
| 16 | :program:`ndnsec-sign-req`. |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 17 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 18 | By default, the default key is used to sign the issued certificate. |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 19 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 20 | *file* is the name of a file that contains the signing request. If *file* is |
| 21 | "-", the signing request is read from the standard input. |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 22 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 23 | The generated certificate is written to the standard output in base64 encoding. |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 24 | |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 25 | Options |
| 26 | ------- |
| 27 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 28 | .. option:: -S <timestamp>, --not-before <timestamp> |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 29 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 30 | Date and time when the certificate becomes valid, in "YYYYMMDDhhmmss" format. |
| 31 | The default value is now. |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 32 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 33 | .. option:: -E <timestamp>, --not-after <timestamp> |
Alexander Afanasyev | 35109a1 | 2017-01-04 15:39:06 -0800 | [diff] [blame] | 34 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 35 | Date and time when the certificate expires, in "YYYYMMDDhhmmss" format. |
| 36 | The default value is 365 days after the **--not-before** timestamp. |
| 37 | |
| 38 | .. option:: -I <info>, --info <info> |
| 39 | |
Eric Newberry | 3ad8923 | 2020-04-28 12:28:26 -0700 | [diff] [blame] | 40 | Other information to be included in the issued certificate. Must be in the |
| 41 | form of key and value pairs, where the key is an arbitrary string without |
| 42 | spaces, followed by one or more spaces, followed by an arbitrary string |
| 43 | representing the value. This option may be repeated multiple times. |
Alexander Afanasyev | 35109a1 | 2017-01-04 15:39:06 -0800 | [diff] [blame] | 44 | |
Eric Newberry | 3ad8923 | 2020-04-28 12:28:26 -0700 | [diff] [blame] | 45 | For example:: |
| 46 | |
| 47 | -I "affiliation Some Organization" -I "homepage https://home.page/" |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 48 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 49 | .. option:: -s <signer>, --sign-id <signer> |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 50 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 51 | Signing identity. The default key/certificate of *signer* will be used to |
| 52 | sign the requested certificate. If this option is not specified, the system |
| 53 | default identity will be used. |
Yingdi Yu | 0eb5d72 | 2014-06-10 15:06:25 -0700 | [diff] [blame] | 54 | |
Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame] | 55 | .. option:: -i <issuer>, --issuer-id <issuer> |
| 56 | |
| 57 | Issuer's ID to be included in the issued certificate name. The default |
| 58 | value is "NA". |
| 59 | |
| 60 | Example |
| 61 | ------- |
Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 62 | |
| 63 | :: |
| 64 | |
Eric Newberry | 3ad8923 | 2020-04-28 12:28:26 -0700 | [diff] [blame] | 65 | $ ndnsec-cert-gen -S 20200501000000 -E 20210101000000 -I "affiliation Some Organization" -I "foobar Foo Bar" -i "Universe" -s /ndn/test request.cert > signed.cert |
| 66 | |
| 67 | $ cat signed.cert |
| 68 | Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR |
| 69 | Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv |
| 70 | E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu |
| 71 | MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A |
| 72 | /Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk |
| 73 | /QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i |
| 74 | YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC |
| 75 | ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU= |
| 76 | |
Davide Pesavento | 97157b4 | 2021-05-27 21:00:43 -0400 | [diff] [blame] | 77 | $ ndnsec-cert-dump -p -f signed.cert |
Eric Newberry | 3ad8923 | 2020-04-28 12:28:26 -0700 | [diff] [blame] | 78 | Certificate name: |
| 79 | /example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82 |
| 80 | Validity: |
| 81 | NotBefore: 20200501T000000 |
| 82 | NotAfter: 20210101T000000 |
| 83 | Additional Description: |
| 84 | affiliation: Some Organization |
| 85 | foobar: Foo Bar |
| 86 | Public key bits: |
| 87 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOkmwKS8TlEyPFFV3IrpbrP4WgKr6 |
| 88 | pEQSf+zF/6faCeyXbmqbU1qsJ9IZ/3rMgnL0FED1u24wx65aUA3/Ka8wXA== |
| 89 | Signature Information: |
| 90 | Signature Type: SignatureSha256WithEcdsa |
| 91 | Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95 |