Gitiles
Code Review Sign In
gerrit.named-data.net / ndn-cxx / f165bb4e770e1883c183ebba61a22f511ca39c90 / . / docs / manpages / ndnsec-cert-gen.rst
blob: b3c2724849c099eef8477cf0e23608fbe7ffafbc [file] [log] [blame]
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]1ndnsec-cert-gen
2===============
3
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]4Synopsis
5--------
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]6
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]7**ndnsec-cert-gen** [**-h**] [**-S** *timestamp*] [**-E** *timestamp*]
8[**-I** *info*]... [**-s** *signer*] [**-i** *issuer*] *file*
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]9
10Description
11-----------
12
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]13:program:`ndnsec-cert-gen` takes a signing request as input and issues an
14identity certificate for the key in the signing request. The signing request
15can be created with :program:`ndnsec-key-gen` and can be re-generated with
16:program:`ndnsec-sign-req`.
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]17
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]18By default, the default key is used to sign the issued certificate.
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]19
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]20*file* is the name of a file that contains the signing request. If *file* is
21"-", the signing request is read from the standard input.
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]22
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]23The generated certificate is written to the standard output in base64 encoding.
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]24
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]25Options
26-------
27
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]28.. option:: -S <timestamp>, --not-before <timestamp>
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]29
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]30 Date and time when the certificate becomes valid, in "YYYYMMDDhhmmss" format.
31 The default value is now.
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]32
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]33.. option:: -E <timestamp>, --not-after <timestamp>
Alexander Afanasyev35109a12017-01-04 15:39:06 -0800[diff] [blame]34
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]35 Date and time when the certificate expires, in "YYYYMMDDhhmmss" format.
36 The default value is 365 days after the **--not-before** timestamp.
37
38.. option:: -I <info>, --info <info>
39
Eric Newberry3ad89232020-04-28 12:28:26 -0700[diff] [blame]40 Other information to be included in the issued certificate. Must be in the
41 form of key and value pairs, where the key is an arbitrary string without
42 spaces, followed by one or more spaces, followed by an arbitrary string
43 representing the value. This option may be repeated multiple times.
Alexander Afanasyev35109a12017-01-04 15:39:06 -0800[diff] [blame]44
Eric Newberry3ad89232020-04-28 12:28:26 -0700[diff] [blame]45 For example::
46
47 -I "affiliation Some Organization" -I "homepage https://home.page/"
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]48
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]49.. option:: -s <signer>, --sign-id <signer>
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]50
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]51 Signing identity. The default key/certificate of *signer* will be used to
52 sign the requested certificate. If this option is not specified, the system
53 default identity will be used.
Yingdi Yu0eb5d722014-06-10 15:06:25 -0700[diff] [blame]54
Davide Pesaventob310efb2019-04-11 22:10:24 -0400[diff] [blame]55.. option:: -i <issuer>, --issuer-id <issuer>
56
57 Issuer's ID to be included in the issued certificate name. The default
58 value is "NA".
59
60Example
61-------
Alexander Afanasyev151a8552014-04-11 00:54:43 -0700[diff] [blame]62
63::
64
Eric Newberry3ad89232020-04-28 12:28:26 -0700[diff] [blame]65 $ ndnsec-cert-gen -S 20200501000000 -E 20210101000000 -I "affiliation Some Organization" -I "foobar Foo Bar" -i "Universe" -s /ndn/test request.cert > signed.cert
66
67 $ cat signed.cert
68 Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR
69 Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv
70 E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu
71 MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A
72 /Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk
73 /QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i
74 YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC
75 ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU=
76
77 $ ndnsec-dump-certificate -p -f signed.cert
78 Certificate name:
79 /example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82
80 Validity:
81 NotBefore: 20200501T000000
82 NotAfter: 20210101T000000
83 Additional Description:
84 affiliation: Some Organization
85 foobar: Foo Bar
86 Public key bits:
87 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOkmwKS8TlEyPFFV3IrpbrP4WgKr6
88 pEQSf+zF/6faCeyXbmqbU1qsJ9IZ/3rMgnL0FED1u24wx65aUA3/Ka8wXA==
89 Signature Information:
90 Signature Type: SignatureSha256WithEcdsa
91 Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95