ndnsec-cert-gen
===============

Synopsis
--------

**ndnsec cert-gen** [**-h**] [**-S** *timestamp*] [**-E** *timestamp*]
[**-I** *info*]... [**-s** *signer*] [**-i** *issuer*] *file*

Description
-----------

This command takes a signing request as input and issues an identity certificate for
the key contained in the signing request.
A signing request is generated automatically by :program:`ndnsec-key-gen` for any new
key, or it can be manually created for an existing key with :program:`ndnsec-sign-req`.

Unless specified otherwise, the default key is used to sign the issued certificate.

*file* is the name of a file that contains the signing request.
If *file* is "-", the signing request is read from the standard input.

The generated certificate is written to the standard output in Base64 encoding.

Options
-------

.. option:: -S <timestamp>, --not-before <timestamp>

    Date and time when the certificate becomes valid, in "YYYYMMDDhhmmss" format.
    The default value is now.

.. option:: -E <timestamp>, --not-after <timestamp>

    Date and time when the certificate expires, in "YYYYMMDDhhmmss" format.
    The default value is 365 days after the :option:`--not-before` timestamp.

.. option:: -I <info>, --info <info>

    Other information to be included in the issued certificate. Must be in the
    form of key and value pairs, where the key is an arbitrary string without
    spaces, followed by one or more spaces, followed by an arbitrary string
    representing the value. This option may be repeated multiple times.

    For example::

        -I "affiliation Some Organization" -I "homepage https://home.page/"

.. option:: -s <signer>, --sign-id <signer>

    Signing identity. The default key/certificate of *signer* will be used to
    sign the requested certificate. If this option is not specified, the system
    default identity will be used.

.. option:: -i <issuer>, --issuer-id <issuer>

    Issuer's ID to be included in the issued certificate name. The default
    value is "NA".

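The option formats above can be checked before anything is signed. The following is an added example, not part of ndn-cxx: the names ``parse_ts``, ``parse_info``, ``build_cert_gen_argv`` and the ``MAX_VALIDITY`` cap are hypothetical, and the cap and the ordering check are a local CA policy assumed here, not behaviour of :program:`ndnsec`.

```python
import re
from datetime import datetime, timedelta

TS_FORMAT = "%Y%m%d%H%M%S"              # the documented "YYYYMMDDhhmmss"
INFO_RE = re.compile(r"(\S+) +(\S.*)")  # key without spaces, 1+ spaces, value
MAX_VALIDITY = timedelta(days=365)      # assumed local CA policy, not an ndnsec limit


def parse_ts(value):
    """Strictly parse a 14-digit timestamp; strptime alone is too lenient."""
    if not re.fullmatch(r"[0-9]{14}", value):
        raise ValueError(f"timestamp must be 14 digits: {value!r}")
    return datetime.strptime(value, TS_FORMAT)  # rejects month 13, hour 25, ...


def parse_info(item):
    """Split one -I argument into (key, value) as the option text describes."""
    m = INFO_RE.fullmatch(item)
    if m is None:
        raise ValueError(f"info must be '<key> <value>': {item!r}")
    return m.group(1), m.group(2)


def build_cert_gen_argv(request_file, signer, issuer, not_before,
                        not_after=None, info=()):
    """Return an argv list for `ndnsec cert-gen`; raise ValueError on bad input."""
    start = parse_ts(not_before)
    # Mirror the documented default: 365 days after --not-before.
    end = parse_ts(not_after) if not_after else start + timedelta(days=365)
    if end <= start:
        raise ValueError("not-after must be later than not-before")
    if end - start > MAX_VALIDITY:
        raise ValueError("validity period exceeds local policy")
    argv = ["ndnsec", "cert-gen",
            "-S", start.strftime(TS_FORMAT), "-E", end.strftime(TS_FORMAT)]
    for item in info:
        key, value = parse_info(item)
        argv += ["-I", f"{key} {value}"]   # normalised to a single separator
    # A list (not a shell string) keeps info values from being shell-interpreted
    # when passed to subprocess.run(argv, stdout=...).
    return argv + ["-i", issuer, "-s", signer, request_file]
```
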
Examples
--------

::

    $ ndnsec cert-gen -S 20200501000000 -E 20210101000000 -I "affiliation Some Organization" -I "foobar Foo Bar" -i "Universe" -s /ndn/test request.cert > signed.cert

    $ cat signed.cert
    Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR
    Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv
    E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu
    MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A
    /Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk
    /QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i
    YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC
    ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU=

    $ ndnsec cert-dump -p -f signed.cert
    Certificate Name:
      /example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82
    Additional Description:
      affiliation: Some Organization
      foobar: Foo Bar
    Public Key:
      Key Type: 256-bit EC
      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOkmwKS8TlEyPFFV3IrpbrP4WgKr6
      pEQSf+zF/6faCeyXbmqbU1qsJ9IZ/3rMgnL0FED1u24wx65aUA3/Ka8wXA==
    Validity:
      Not Before: 2020-05-01T00:00:00
      Not After: 2021-01-01T00:00:00
    Signature Information:
      Signature Type: SignatureSha256WithEcdsa
      Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95

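Before an issued certificate is installed or handed out, the pretty-printed dump can be compared with what was requested. The following is an added example, not part of ndn-cxx: ``parse_dump``, ``iso`` and ``check_issued`` are hypothetical names, the sample text is the ``cert-dump -p`` output shown above with the Public Key section left out, and name components are compared in the percent-encoded form the dump prints.

```python
from datetime import datetime

# `ndnsec cert-dump -p` output copied from the example above (Public Key omitted).
DUMP = """\
Certificate Name:
  /example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82
Additional Description:
  affiliation: Some Organization
  foobar: Foo Bar
Validity:
  Not Before: 2020-05-01T00:00:00
  Not After: 2021-01-01T00:00:00
Signature Information:
  Signature Type: SignatureSha256WithEcdsa
  Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95
"""


def parse_dump(text):
    """Group the dump into {section: {key: value}} using its 'Header:' lines."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":"):
            current = sections.setdefault(line[:-1], {})
        elif line and current is not None:
            key, sep, value = line.partition(": ")
            current[key] = value if sep else ""  # bare lines (names, Base64) become keys
    return sections


def iso(ts):
    """Convert the cert-gen 'YYYYMMDDhhmmss' form to the dump's ISO form."""
    return datetime.strptime(ts, "%Y%m%d%H%M%S").isoformat()


def check_issued(text, identity, issuer, signer, not_before, not_after, info):
    """Return the names of the fields in the dump that differ from the request."""
    s = parse_dump(text)
    name = next(iter(s.get("Certificate Name", {})), "")
    parts = name.split("/")  # [..., 'KEY', key-id, issuer-id, version]
    locator = s.get("Signature Information", {}).get("Key Locator", "")
    checks = {
        "subject": name.startswith(identity + "/KEY/"),
        "issuer-id": len(parts) >= 5 and parts[-2] == issuer,
        "not-before": s.get("Validity", {}).get("Not Before") == iso(not_before),
        "not-after": s.get("Validity", {}).get("Not After") == iso(not_after),
        "signer": locator.startswith("Name=" + signer + "/KEY/"),
        "info": s.get("Additional Description", {}) == dict(info),
    }
    return [field for field, ok in checks.items() if not ok]
```
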
See Also
--------

:manpage:`ndnsec-cert-dump(1)`,
:manpage:`ndnsec-cert-install(1)`,
:manpage:`ndnsec-key-gen(1)`,
:manpage:`ndnsec-sign-req(1)`