ndnsec-cert-gen
===============

Synopsis
--------

**ndnsec cert-gen** [**-h**] [**-S** *timestamp*] [**-E** *timestamp*]
[**-I** *info*]... [**-s** *signer*] [**-i** *issuer*] *file*

Description
-----------

This command takes a signing request as input and issues an identity certificate for
the key contained in the signing request.
A signing request is generated automatically by :program:`ndnsec-key-gen` for any new
key, or it can be manually created for an existing key with :program:`ndnsec-sign-req`.

Unless specified otherwise, the default key is used to sign the issued certificate.

*file* is the name of a file that contains the signing request.
If *file* is "-", the signing request is read from the standard input.

The generated certificate is written to the standard output in Base64 encoding.

Options
-------

.. option:: -S <timestamp>, --not-before <timestamp>

   Date and time when the certificate becomes valid, in "YYYYMMDDhhmmss" format.
   The default value is now.

.. option:: -E <timestamp>, --not-after <timestamp>

   Date and time when the certificate expires, in "YYYYMMDDhhmmss" format.
   The default value is 365 days after the :option:`--not-before` timestamp.

.. option:: -I <info>, --info <info>

   Other information to be included in the issued certificate. Must be in the
   form of key and value pairs, where the key is an arbitrary string without
   spaces, followed by one or more spaces, followed by an arbitrary string
   representing the value. This option may be repeated multiple times.

   For example::

      -I "affiliation Some Organization" -I "homepage https://home.page/"

.. option:: -s <signer>, --sign-id <signer>

   Signing identity. The default key/certificate of *signer* will be used to
   sign the requested certificate. If this option is not specified, the system
   default identity will be used.

.. option:: -i <issuer>, --issuer-id <issuer>

   Issuer's ID to be included in the issued certificate name. The default
   value is "NA".

Examples
--------

::

    $ ndnsec cert-gen -S 20200501000000 -E 20210101000000 -I "affiliation Some Organization" -I "foobar Foo Bar" -i "Universe" -s /ndn/test request.cert > signed.cert

    $ cat signed.cert
    Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR
    Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv
    E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu
    MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A
    /Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk
    /QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i
    YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC
    ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU=

    $ ndnsec cert-dump -p -f signed.cert
    Certificate Name:
      /example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82
    Additional Description:
      affiliation: Some Organization
      foobar: Foo Bar
    Public Key:
      Key Type: 256-bit EC
      MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOkmwKS8TlEyPFFV3IrpbrP4WgKr6
      pEQSf+zF/6faCeyXbmqbU1qsJ9IZ/3rMgnL0FED1u24wx65aUA3/Ka8wXA==
    Validity:
      Not Before: 2020-05-01T00:00:00
      Not After: 2021-01-01T00:00:00
    Signature Information:
      Signature Type: SignatureSha256WithEcdsa
      Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95

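As an added illustration (not part of ndn-cxx or of this manual), the Python code below decodes the Base64 certificate from the example above and reads back the validity period and the ``-I`` pairs that were written into its SignatureInfo element, which is a useful audit step before a certificate is installed. The TLV type numbers are taken from the NDN packet and certificate format specifications, and the function names are hypothetical.

```python
import base64
from datetime import datetime

# Certificate copied from the Examples section (output of `cat signed.cert`).
CERT_B64 = """Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR
Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv
E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu
MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A
/Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk
/QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i
YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC
ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU="""
# TLV type numbers from the NDN packet and certificate format specifications.
DATA, SIG_INFO, VALIDITY, NOT_BEFORE, NOT_AFTER = 0x06, 0x16, 0xFD, 0xFE, 0xFF
ADDL_DESC, DESC_ENTRY, DESC_KEY, DESC_VALUE = 0x102, 0x200, 0x201, 0x202

def read_varnum(buf, pos):
    """Decode one NDN variable-length number; return (value, next_pos)."""
    size = {b"\xfd": 2, b"\xfe": 4, b"\xff": 8}.get(buf[pos:pos + 1], 0)
    end = pos + 1 + size
    if end > len(buf):
        raise ValueError("truncated TLV")
    return int.from_bytes(buf[end - (size or 1):end], "big"), end

def children(buf):
    """Yield (type, value) for each TLV element in buf; reject length overruns."""
    pos = 0
    while pos < len(buf):
        typ, pos = read_varnum(buf, pos)
        length, pos = read_varnum(buf, pos)
        if pos + length > len(buf):
            raise ValueError("TLV length exceeds enclosing element")
        yield typ, buf[pos:pos + length]
        pos += length

def child(buf, typ, required=True):
    """Return the value of the first child of type typ (None if optional and absent)."""
    found = next((v for t, v in children(buf) if t == typ), None)
    if found is None and required:
        raise ValueError(f"missing TLV type {typ:#x}")
    return found

def inspect_cert(b64_text):
    """Return (not_before, not_after, [(key, value), ...]); signature NOT verified."""
    sig_info = child(child(base64.b64decode(b64_text), DATA), SIG_INFO)
    start, end = (datetime.strptime(child(child(sig_info, VALIDITY), t).decode(),
                                    "%Y%m%dT%H%M%S") for t in (NOT_BEFORE, NOT_AFTER))
    entries = children(child(sig_info, ADDL_DESC, required=False) or b"")
    return start, end, [(child(e, DESC_KEY).decode(), child(e, DESC_VALUE).decode())
                        for t, e in entries if t == DESC_ENTRY]
```

Calling ``inspect_cert(CERT_B64)`` returns the same validity window and description pairs that ``ndnsec cert-dump -p`` prints above. It only reads the fields, so signature validation still has to be done with the NDN tools.
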
See Also
--------

:manpage:`ndnsec-cert-dump(1)`,
:manpage:`ndnsec-cert-install(1)`,
:manpage:`ndnsec-key-gen(1)`,
:manpage:`ndnsec-sign-req(1)`