ndnsec-cert-gen
===============

``ndnsec-cert-gen`` is a tool to issue an identity certificate.

Usage
-----

::

    $ ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-N name] [-I info] [-s sign-id] [-p cert-prefix] request

Description
-----------

``ndnsec-cert-gen`` takes a signing request as input and issues an identity certificate for the
key in the signing request. The signing request can be created during ``ndnsec-keygen`` and can be
re-generated with ``ndnsec-sign-req``.

By default, the default key/certificate will be used to sign the issued certificate.

``request`` can be a path to a file that contains the signing request. If ``request`` is ``-``,
the signing request will be read from standard input.

The generated certificate will be written to standard output in base64 encoding.

Options
-------

``-S timestamp``
  Timestamp when the certificate becomes valid. The default value is now.

``-E timestamp``
  Timestamp when the certificate expires. The default value is one year from now.

``-N name``
  Name of the certificate owner.

``-I info``
  Other information about the certificate owner. ``info`` is a list of pairs of OID and
  corresponding value. For example, "2.5.4.10 'Some Organization' 2.5.4.3 'http://home.page/'".

``-s sign-id``
  Signing identity. The default key/certificate of ``sign-id`` will be used to sign the requested
  certificate. If this option is not specified, the system default identity will be used.

``-p cert-prefix``
  The certificate prefix, which is the part of the certificate name before the ``KEY`` component.

  By default, the certificate prefix will be inferred from the certificate name according
  to the relation between the signing identity and the subject identity. If the signing
  identity is a prefix of the subject identity, ``KEY`` will be inserted after the
  signing identity; otherwise ``KEY`` is inserted after the subject identity (i.e., before
  ``ksk-....``).

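The default placement of ``KEY`` described for ``-p`` can be sketched as follows. This is an added example, not code from ndnsec or ndn-cxx: the function names are hypothetical, the key ids are constructed, and the requirement that an explicit ``cert-prefix`` be a proper prefix of the key name is an assumption. The comparison is done per name component, since a plain string comparison would treat ``/ndn/test`` as a prefix of ``/ndn/testing``.

```python
# Added example: where KEY lands in the name of an issued certificate.
KEY = "KEY"


def components(name):
    """Split an NDN URI such as /ndn/test into its name components."""
    return [c for c in name.split("/") if c]


def is_prefix(prefix, name):
    """Component-wise prefix test: /ndn/test is NOT a prefix of /ndn/testing."""
    return name[:len(prefix)] == prefix


def place_key(signing_identity, key_name, cert_prefix=None):
    """Return key_name with KEY inserted according to the -p rules above.

    key_name is the subject identity followed by its ksk-... key id.
    """
    key = components(key_name)
    if not key:
        raise ValueError("key name is empty")
    signer = components(signing_identity)
    if cert_prefix is not None:
        prefix = components(cert_prefix)
        # Assumption: an explicit prefix must be a proper prefix of the key name.
        if not is_prefix(prefix, key) or len(prefix) >= len(key):
            raise ValueError("cert-prefix is not a proper prefix of the key name")
    elif is_prefix(signer, key[:-1]):
        prefix = signer        # signer is an ancestor of the subject: KEY follows it
    else:
        prefix = key[:-1]      # unrelated signer: KEY goes right before ksk-...
    return "/" + "/".join(prefix + [KEY] + key[len(prefix):])


if __name__ == "__main__":
    # Constructed inputs: (signing identity, key name, explicit cert-prefix).
    cases = [
        ("/ndn/test", "/ndn/test/david/ksk-123", None),
        ("/ndn/test", "/ndn/testing/david/ksk-123", None),
        ("/ndn/test", "/ndn/test/david/ksk-123", "/ndn"),
    ]
    for signer, key_name, explicit in cases:
        print(signer, key_name, explicit, "->", place_key(signer, key_name, explicit))
```
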
Examples
--------

::

    $ ndnsec-cert-gen -S 20140401000000 -E 20150331235959 -N "David" \
      -I "2.5.4.10 'Some Organization'" -s /ndn/test sign_request.cert