Annotation of embedaddon/strongswan/src/pki/man/pki---self.1.in, revision 1.1
1.1 ! misho 1: .TH "PKI \-\-SELF" 1 "2019-05-06" "@PACKAGE_VERSION@" "strongSwan"
! 2: .
! 3: .SH "NAME"
! 4: .
! 5: pki \-\-self \- Create a self-signed certificate
! 6: .
! 7: .SH "SYNOPSIS"
! 8: .
! 9: .SY pki\ \-\-self
! 10: .RB [ \-\-in
! 11: .IR file | \fB\-\-keyid\fR
! 12: .IR hex ]
! 13: .OP \-\-type t
! 14: .BI \-\-dn\~ distinguished-name
! 15: .OP \-\-san subjectAltName
! 16: .OP \-\-lifetime days
! 17: .OP \-\-not-before datetime
! 18: .OP \-\-not-after datetime
! 19: .OP \-\-serial hex
! 20: .OP \-\-flag flag
! 21: .OP \-\-digest digest
! 22: .OP \-\-rsa\-padding padding
! 23: .OP \-\-ca
! 24: .OP \-\-ocsp uri
! 25: .OP \-\-pathlen len
! 26: .OP \-\-addrblock block
! 27: .OP \-\-nc-permitted name
! 28: .OP \-\-nc-excluded name
! 29: .OP \-\-critical oid
! 30: .OP \-\-policy\-mapping mapping
! 31: .OP \-\-policy\-explicit len
! 32: .OP \-\-policy\-inhibit len
! 33: .OP \-\-policy\-any len
! 34: .OP \-\-cert\-policy oid\ \fR[\fB\-\-cps\-uri\ \fIuri\fR]\ \fR[\fB\-\-user\-notice\ \fItext\fR]
! 35: .OP \-\-outform encoding
! 36: .OP \-\-debug level
! 37: .YS
! 38: .
! 39: .SY pki\ \-\-self
! 40: .BI \-\-options\~ file
! 41: .YS
! 42: .
! 43: .SY "pki \-\-self"
! 44: .B \-h
! 45: |
! 46: .B \-\-help
! 47: .YS
! 48: .
! 49: .SH "DESCRIPTION"
! 50: .
! 51: This sub-command of
! 52: .BR pki (1)
! 53: is used to create a self-signed certificate.
! 54: .
! 55: .SH "OPTIONS"
! 56: .
! 57: .TP
! 58: .B "\-h, \-\-help"
! 59: Print usage information with a summary of the available options.
! 60: .TP
! 61: .BI "\-v, \-\-debug " level
! 62: Set debug level, default: 1.
! 63: .TP
! 64: .BI "\-+, \-\-options " file
! 65: Read command line options from \fIfile\fR.
! 66: .TP
! 67: .BI "\-i, \-\-in " file
! 68: Private key input file. If not given the key is read from \fISTDIN\fR.
! 69: .TP
! 70: .BI "\-x, \-\-keyid " hex
! 71: Smartcard or TPM private key object handle in hex format with an optional
! 72: 0x prefix.
! 73: .TP
! 74: .BI "\-t, \-\-type " type
! 75: Type of the input key. Either \fIpriv\fR, \fIrsa\fR, \fIecdsa\fR, \fIed25519\fR,
! 76: \fIed448\fR or \fIbliss\fR, defaults to \fIpriv\fR.
! 77: .TP
! 78: .BI "\-d, \-\-dn " distinguished-name
! 79: Subject and issuer distinguished name (DN). Required.
! 80: .TP
! 81: .BI "\-a, \-\-san " subjectAltName
! 82: subjectAltName extension to include in certificate. Can be used multiple times.
! 83: .TP
! 84: .BI "\-l, \-\-lifetime " days
! 85: Days the certificate is valid, default: 1095. Ignored if both
! 86: an absolute start and end time are given.
! 87: .TP
! 88: .BI "\-F, \-\-not-before " datetime
! 89: Absolute time when the validity of the certificate begins. The datetime format
! 90: is defined by the
! 91: .B \-\-dateform
! 92: option.
! 93: .TP
! 94: .BI "\-T, \-\-not-after " datetime
! 95: Absolute time when the validity of the certificate ends. The datetime format is
! 96: defined by the
! 97: .B \-\-dateform
! 98: option.
! 99: .TP
! 100: .BI "\-D, \-\-dateform " form
! 101: strptime(3) format for the
! 102: .B \-\-not\-before
! 103: and
! 104: .B \-\-not\-after
! 105: options, default:
! 106: .B %d.%m.%y %T
! 107: .TP
! 108: .BI "\-s, \-\-serial " hex
! 109: Serial number in hex. It is randomly allocated by default.
! 110: .TP
! 111: .BI "\-e, \-\-flag " flag
! 112: Add extendedKeyUsage flag. One of \fIserverAuth\fR, \fIclientAuth\fR,
! 113: \fIcrlSign\fR, or \fIocspSigning\fR. Can be used multiple times.
! 114: .TP
! 115: .BI "\-g, \-\-digest " digest
! 116: Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
! 117: \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
! 118: determined based on the type and size of the signature key.
! 119: .TP
! 120: .BI "\-R, \-\-rsa\-padding " padding
! 121: Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
! 122: to \fIpkcs1\fR.
! 123: .TP
! 124: .BI "\-f, \-\-outform " encoding
! 125: Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
! 126: \fIpem\fR (Base64 PEM), defaults to \fIder\fR.
! 127: .TP
! 128: .BI "\-b, \-\-ca"
! 129: Include CA basicConstraint extension in certificate.
! 130: .TP
! 131: .BI "\-o, \-\-ocsp " uri
! 132: OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple
! 133: times.
! 134: .TP
! 135: .BI "\-p, \-\-pathlen " len
! 136: Set path length constraint.
! 137: .TP
! 138: .BI "\-B, \-\-addrblock " block
! 139: RFC 3779 address block to include in certificate. \fIblock\fR is either a
! 140: CIDR subnet (such as \fI10.0.0.0/8\fR) or an arbitrary address range
! 141: (\fI192.168.1.7-192.168.1.13\fR). Can be repeated to include multiple blocks.
! 142: Please note that the supplied blocks are included in the certificate as is,
! 143: so for standards compliance, multiple blocks must be supplied in correct
! 144: order and adjacent blocks must be combined. Refer to RFC 3779 for details.
! 145: .TP
! 146: .BI "\-n, \-\-nc-permitted " name
! 147: Add permitted NameConstraint extension to certificate. For DNS or email
! 148: constraints, the identity type is not always detectable by the given name. Use
! 149: the
! 150: .B dns:
! 151: or
! 152: .B email:
! 153: prefix to force a constraint type.
! 154: .TP
! 155: .BI "\-N, \-\-nc-excluded " name
! 156: Add excluded NameConstraint extension to certificate. For DNS or email
! 157: constraints, the identity type is not always detectable by the given name. Use
! 158: the
! 159: .B dns:
! 160: or
! 161: .B email:
! 162: prefix to force a constraint type.
! 163: .TP
! 164: .BI "\-X, \-\-critical " oid
! 165: Add a critical extension with the given OID.
! 166: .TP
! 167: .BI "\-M, \-\-policy-mapping " issuer-oid:subject-oid
! 168: Add policyMapping from issuer to subject OID.
! 169: .TP
! 170: .BI "\-E, \-\-policy-explicit " len
! 171: Add requireExplicitPolicy constraint.
! 172: .TP
! 173: .BI "\-H, \-\-policy-inhibit " len
! 174: Add inhibitPolicyMapping constraint.
! 175: .TP
! 176: .BI "\-A, \-\-policy-any " len
! 177: Add inhibitAnyPolicy constraint.
! 178: .PP
! 179: .SS "Certificate Policy"
! 180: Multiple certificatePolicy extensions can be added. Each with the following
! 181: information:
! 182: .TP
! 183: .BI "\-P, \-\-cert-policy " oid
! 184: OID to include in certificatePolicy extension. Required.
! 185: .TP
! 186: .BI "\-C, \-\-cps-uri " uri
! 187: Certification Practice statement URI for certificatePolicy.
! 188: .TP
! 189: .BI "\-U, \-\-user-notice " text
! 190: User notice for certificatePolicy.
! 191: .
! 192: .SH "EXAMPLES"
! 193: .
! 194: Generate a self-signed certificate using the given RSA key:
! 195: .PP
! 196: .EX
! 197: pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
! 198: \-\-san moon.strongswan.org > cert.der
! 199: .EE
! 200: .
! 201: .SH "SEE ALSO"
! 202: .
! 203: .BR pki (1)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to pki---self.1.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / pki / man