| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 1 | ndnsec-cert-gen |
| 2 | =============== |
| 3 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 4 | Synopsis |
| 5 | -------- |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 6 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 7 | **ndnsec-cert-gen** [**-h**] [**-S** *timestamp*] [**-E** *timestamp*] |
| 8 | [**-I** *info*]... [**-s** *signer*] [**-i** *issuer*] *file* |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 9 | |
| 10 | Description |
| 11 | ----------- |
| 12 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 13 | :program:`ndnsec-cert-gen` takes a signing request as input and issues an |
| 14 | identity certificate for the key in the signing request. The signing request |
| 15 | can be created with :program:`ndnsec-key-gen` and can be re-generated with |
| 16 | :program:`ndnsec-sign-req`. |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 17 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 18 | By default, the default key is used to sign the issued certificate. |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 19 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 20 | *file* is the name of a file that contains the signing request. If *file* is |
| 21 | "-", the signing request is read from the standard input. |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 22 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 23 | The generated certificate is written to the standard output in base64 encoding. |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 24 | |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 25 | Options |
| 26 | ------- |
| 27 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 28 | .. option:: -S <timestamp>, --not-before <timestamp> |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 29 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 30 | Date and time when the certificate becomes valid, in "YYYYMMDDhhmmss" format. |
| 31 | The default value is now. |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 32 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 33 | .. option:: -E <timestamp>, --not-after <timestamp> |
| Alexander Afanasyev | 35109a1 | 2017-01-04 15:39:06 -0800 | [diff] [blame] | 34 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 35 | Date and time when the certificate expires, in "YYYYMMDDhhmmss" format. |
| 36 | The default value is 365 days after the **--not-before** timestamp. |
| 37 | |
| 38 | .. option:: -I <info>, --info <info> |
| 39 | |
| 40 | Other information to be included in the issued certificate. For example:: |
| Alexander Afanasyev | 35109a1 | 2017-01-04 15:39:06 -0800 | [diff] [blame] | 41 | |
| 42 | -I "affiliation Some Organization" -I "homepage http://home.page/" |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 43 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 44 | .. option:: -s <signer>, --sign-id <signer> |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 45 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 46 | Signing identity. The default key/certificate of *signer* will be used to |
| 47 | sign the requested certificate. If this option is not specified, the system |
| 48 | default identity will be used. |
| Yingdi Yu | 0eb5d72 | 2014-06-10 15:06:25 -0700 | [diff] [blame] | 49 | |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 50 | .. option:: -i <issuer>, --issuer-id <issuer> |
| 51 | |
| 52 | Issuer's ID to be included in the issued certificate name. The default |
| 53 | value is "NA". |
| 54 | |
| 55 | Example |
| 56 | ------- |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 57 | |
| 58 | :: |
| 59 | |
| 60 | $ ndnsec-cert-gen -S 20140401000000 -E 20150331235959 -N "David" |
| Davide Pesavento | b310efb | 2019-04-11 22:10:24 -0400 | [diff] [blame^] | 61 | -I "2.5.4.10 'Some Organization'" -s /ndn/test request.cert |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 62 | Bv0C9wc9CANuZG4IBHRlc3QIA0tFWQgFZGF2aWQIEWtzay0xMzk2OTEzMDU4MTk2 |
| 63 | CAdJRC1DRVJUCAgAAAFFPp2g3hQDGAECFf0BdjCCAXIwIhgPMjAxNDA0MDEwMDAw |
| 64 | MDBaGA8yMDE1MDMzMTIzNTk1OVowKDAMBgNVBCkTBURhdmlkMBgGA1UEChMRU29t |
| 65 | ZSBPcmdhbml6YXRpb24wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC0 |
| 66 | urnS2nKcnXnMTESH2XqO+H8c6bCE6mmv+FMQ9hSfZVOHbX4kkiDmkcAAf8NCvwGr |
| 67 | kEat0NQIhKHFLFtofC5rXLheAo/UxgFA/9bNwiEjMH/c8EN2YTSMzdCDrK6TwE7B |
| 68 | 623cLTsa3Bb11+BpzC1oLb3Egedgp+vIf+AFIgNQhvfwzsgsgOBB4iJBwcYegU7w |
| 69 | JsO0pjY69WQU2DGjABFef6C2Qh8x0TvtnynRLbWlh928+4ilVUvLuWcV3AbPIKLe |
| 70 | eZu13+v01JN6kFzNZDPMFtOFPvJ943IdYu7Q9k93PzhSk0+wFp3cHH21PfWeghWe |
| 71 | 3zLIER8RTWPIQhWSbxRVAgERFjMbAQEcLgcsCANuZG4IA0tFWQgEdGVzdAgRa3Nr |
| 72 | LTEzOTQxMjk2OTQ3ODgIB0lELUNFUlQX/QEABUGcl7U+F8cwMHKckerv+1H2Nvsd |
| 73 | OfeqX0+4RzWU+wRx2emMGMZZdHSx8M/i45hb0P5hbNEF99L35/SrSTSzhTZdOriD |
| 74 | t/LQOcKBoNXY+iw3EUFM0gvRGU0kaEVBKAHtbYhtoHc48QLEyrsVaMqmrjCmpeF/ |
| 75 | JOcClhzJfFW3cZ/SlhcTEayF0ntogYLR2cMzIwQhhSj5L/Kl7I7uxNxZhK1DS98n |
| 76 | q8oGAxHufEAluPrRpDQfI+jeQ4h/YYKcXPW3Vn7VQAGOqIi6gTlUxrmEbyCDF70E |
| 77 | xj5t3wfSUmDa1N+hLRMdEAI+IjRRHDSx2Lhj/QcoPIZPWwKjBz9CBL92og== |