Annotation of embedaddon/strongswan/src/pki/man/pki---acert.1.in, revision 1.1.1.1

1.1       misho       1: .TH "PKI \-\-ACERT" 1 "2014-02-05" "@PACKAGE_VERSION@" "strongSwan"
                      2: .
                      3: .SH "NAME"
                      4: .
                      5: pki \-\-acert \- Issue an attribute certificate
                      6: .
                      7: .SH "SYNOPSIS"
                      8: .
                      9: .SY pki\ \-\-acert
                     10: .OP \-\-in file
                     11: .OP \-\-group membership
                     12: .BI \-\-issuerkey\~ file |\-\-issuerkeyid\~ hex
                     13: .BI \-\-issuercert\~ file
                     14: .OP \-\-lifetime hours
                     15: .OP \-\-not-before datetime
                     16: .OP \-\-not-after datetime
                     17: .OP \-\-serial hex
                     18: .OP \-\-digest digest
                     19: .OP \-\-rsa\-padding padding
                     20: .OP \-\-outform encoding
                     21: .OP \-\-debug level
                     22: .YS
                     23: .
                     24: .SY pki\ \-\-acert
                     25: .BI \-\-options\~ file
                     26: .YS
                     27: .
                     28: .SY "pki \-\-acert"
                     29: .B \-h
                     30: |
                     31: .B \-\-help
                     32: .YS
                     33: .
                     34: .SH "DESCRIPTION"
                     35: .
                     36: This sub-command of
                     37: .BR pki (1)
                     38: is used to issue an attribute certificate using an issuer certificate with its
                     39: private key and the holder certificate.
                     40: .
                     41: .SH "OPTIONS"
                     42: .
                     43: .TP
                     44: .B "\-h, \-\-help"
                     45: Print usage information with a summary of the available options.
                     46: .TP
                     47: .BI "\-v, \-\-debug " level
                     48: Set debug level, default: 1.
                     49: .TP
                     50: .BI "\-+, \-\-options " file
                     51: Read command line options from \fIfile\fR.
                     52: .TP
                     53: .BI "\-i, \-\-in " file
                     54: Holder certificate to issue an attribute certificate for. If not given the
                     55: certificate is read from \fISTDIN\fR.
                     56: .TP
                     57: .BI "\-m, \-\-group " membership
                     58: Group membership the attribute certificate shall certify. The specified group
                     59: is included as a string. To include multiple groups, the option can be repeated.
                     60: .TP
                     61: .BI "\-k, \-\-issuerkey " file
                     62: Issuer private key file. Either this or
                     63: .B \-\-issuerkeyid
                     64: is required.
                     65: .TP
                     66: .BI "\-x, \-\-issuerkeyid " hex
                     67: Smartcard or TPM issuer private key object handle in hex format with an optional
                     68: 0x prefix. Either this or
                     69: .B \-\-issuerkey
                     70: is required.
                     71: .TP
                     72: .BI "\-c, \-\-issuercert " file
                     73: Issuer certificate file. Required.
                     74: .TP
                     75: .BI "\-l, \-\-lifetime " hours
                     76: Hours the attribute certificate is valid, default: 24. Ignored if both
                     77: an absolute start and end time are given.
                     78: .TP
                     79: .BI "\-F, \-\-not-before " datetime
                     80: Absolute time when the validity of the AC begins. The datetime format is
                     81: defined by the
                     82: .B \-\-dateform
                     83: option.
                     84: .TP
                     85: .BI "\-T, \-\-not-after " datetime
                     86: Absolute time when the validity of the AC ends. The datetime format is
                     87: defined by the
                     88: .B \-\-dateform
                     89: option.
                     90: .TP
                     91: .BI "\-D, \-\-dateform " form
                     92: strptime(3) format for the
                     93: .B \-\-not\-before
                     94: and
                     95: .B \-\-not\-after
                     96: options, default:
                     97: .B %d.%m.%y %T
                     98: .TP
                     99: .BI "\-s, \-\-serial " hex
                    100: Serial number in hex. It is randomly allocated by default.
                    101: .TP
                    102: .BI "\-g, \-\-digest " digest
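                    103: Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
                    104: \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
                    105: determined based on the type and size of the signature key. Note that \fImd5\fR and \fIsha1\fR are no longer collision resistant and should be avoided for newly issued attribute certificates.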
                    106: .TP
                    107: .BI "\-R, \-\-rsa\-padding " padding
                    108: Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
                    109: to \fIpkcs1\fR.
                    110: .TP
                    111: .BI "\-f, \-\-outform " encoding
                    112: Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
                    113: \fIpem\fR (Base64 PEM), defaults to \fIder\fR.
                    114: .
                    115: .SH "EXAMPLES"
                    116: .
                    117: To save repetitive typing, command line options can be stored in files.
                    118: Let's assume
                    119: .I acert.opt
                    120: contains the following contents:
                    121: .PP
                    122: .EX
                    123:   --issuercert aacert.der --issuerkey aakey.der --digest sha256 --lifetime 4
                    124: .EE
                    125: .PP
                    126: Then the following command can be used to issue an attribute certificate based
                    127: on a holder certificate and the options above:
                    128: .PP
                    129: .EX
                    130:   pki --acert --options acert.opt --in holder.der --group sales --group finance -f pem
                    131: .EE
                    132: .PP
                    133: .
                    134: .SH "SEE ALSO"
                    135: .
                    136: .BR pki (1)
