| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 1 | ndnsec-cert-gen |
| 2 | =============== |
| 3 | |
| 4 | ``ndnsec-cert-gen`` is a tool to issue an identity certificate. |
| 5 | |
| 6 | Usage |
| 7 | ----- |
| 8 | |
| 9 | :: |
| 10 | |
| Alexander Afanasyev | 35109a1 | 2017-01-04 15:39:06 -0800 | [diff] [blame] | 11 | $ ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-I info] [-s sign-id] [-i issuer-id] request |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 12 | |
| 13 | Description |
| 14 | ----------- |
| 15 | |
| 16 | ``ndnsec-cert-gen`` takes signing request as input and issues an identity certificate for the key in |
| 17 | the signing request. The signing request can be created during ``ndnsec-keygen`` and can be |
| 18 | re-generated with ``ndnsec-sign-req``. |
| 19 | |
| 20 | By default, the default key/certificate will be used to sign the issued certificate. |
| 21 | |
| 22 | ``request`` could be a path to a file that contains the signing request. If ``request`` is ``-``, |
| 23 | then signing request will be read from standard input. |
| 24 | |
| 25 | The generated certificate will be written to standard output in base64 encoding. |
| 26 | |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 27 | Options |
| 28 | ------- |
| 29 | |
| 30 | ``-S timestamp`` |
| 31 | Timestamp when the certificate becomes valid. The default value is now. |
| 32 | |
| 33 | ``-E timestamp`` |
| 34 | Timestamp when the certificate expires. The default value is one year from now. |
| 35 | |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 36 | ``-I info`` |
| Alexander Afanasyev | 35109a1 | 2017-01-04 15:39:06 -0800 | [diff] [blame] | 37 | Other information to be included in the issued certificate. For example, |
| 38 | |
| 39 | :: |
| 40 | |
| 41 | -I "affiliation Some Organization" -I "homepage http://home.page/" |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 42 | |
| 43 | ``-s sign-id`` |
| 44 | Signing identity. The default key/certificate of ``sign-id`` will be used to sign the requested |
| 45 | certificate. If this option is not specified, the system default identity will be used. |
| 46 | |
| Alexander Afanasyev | 35109a1 | 2017-01-04 15:39:06 -0800 | [diff] [blame] | 47 | ``-s issuer-id`` |
| 48 | Issuer's ID to be included as part of the issued certificate name. If not specified, "NA" |
| 49 | value will be used |
| Yingdi Yu | 0eb5d72 | 2014-06-10 15:06:25 -0700 | [diff] [blame] | 50 | |
| Alexander Afanasyev | 151a855 | 2014-04-11 00:54:43 -0700 | [diff] [blame] | 51 | Examples |
| 52 | -------- |
| 53 | |
| 54 | :: |
| 55 | |
| 56 | $ ndnsec-cert-gen -S 20140401000000 -E 20150331235959 -N "David" |
| 57 | -I "2.5.4.10 'Some Organization'" -s /ndn/test sign_request.cert |
| 58 | Bv0C9wc9CANuZG4IBHRlc3QIA0tFWQgFZGF2aWQIEWtzay0xMzk2OTEzMDU4MTk2 |
| 59 | CAdJRC1DRVJUCAgAAAFFPp2g3hQDGAECFf0BdjCCAXIwIhgPMjAxNDA0MDEwMDAw |
| 60 | MDBaGA8yMDE1MDMzMTIzNTk1OVowKDAMBgNVBCkTBURhdmlkMBgGA1UEChMRU29t |
| 61 | ZSBPcmdhbml6YXRpb24wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC0 |
| 62 | urnS2nKcnXnMTESH2XqO+H8c6bCE6mmv+FMQ9hSfZVOHbX4kkiDmkcAAf8NCvwGr |
| 63 | kEat0NQIhKHFLFtofC5rXLheAo/UxgFA/9bNwiEjMH/c8EN2YTSMzdCDrK6TwE7B |
| 64 | 623cLTsa3Bb11+BpzC1oLb3Egedgp+vIf+AFIgNQhvfwzsgsgOBB4iJBwcYegU7w |
| 65 | JsO0pjY69WQU2DGjABFef6C2Qh8x0TvtnynRLbWlh928+4ilVUvLuWcV3AbPIKLe |
| 66 | eZu13+v01JN6kFzNZDPMFtOFPvJ943IdYu7Q9k93PzhSk0+wFp3cHH21PfWeghWe |
| 67 | 3zLIER8RTWPIQhWSbxRVAgERFjMbAQEcLgcsCANuZG4IA0tFWQgEdGVzdAgRa3Nr |
| 68 | LTEzOTQxMjk2OTQ3ODgIB0lELUNFUlQX/QEABUGcl7U+F8cwMHKckerv+1H2Nvsd |
| 69 | OfeqX0+4RzWU+wRx2emMGMZZdHSx8M/i45hb0P5hbNEF99L35/SrSTSzhTZdOriD |
| 70 | t/LQOcKBoNXY+iw3EUFM0gvRGU0kaEVBKAHtbYhtoHc48QLEyrsVaMqmrjCmpeF/ |
| 71 | JOcClhzJfFW3cZ/SlhcTEayF0ntogYLR2cMzIwQhhSj5L/Kl7I7uxNxZhK1DS98n |
| 72 | q8oGAxHufEAluPrRpDQfI+jeQ4h/YYKcXPW3Vn7VQAGOqIi6gTlUxrmEbyCDF70E |
| 73 | xj5t3wfSUmDa1N+hLRMdEAI+IjRRHDSx2Lhj/QcoPIZPWwKjBz9CBL92og== |