Annotation of embedaddon/strongswan/src/pki/man/pki---signcrl.1.in, revision 1.1
1.1 ! misho 1: .TH "PKI \-\-SIGNCRL" 1 "2019-05-06" "@PACKAGE_VERSION@" "strongSwan"
! 2: .
! 3: .SH "NAME"
! 4: .
! 5: pki \-\-signcrl \- Issue a Certificate Revocation List (CRL) using a CA certificate and key
! 6: .
! 7: .SH "SYNOPSIS"
! 8: .
! 9: .SY pki\ \-\-signcrl
! 10: .BI \-\-cakey\~ file |\-\-cakeyid\~ hex
! 11: .BI \-\-cacert\~ file
! 12: .OP \-\-lifetime days
! 13: .OP \-\-this\-update datetime
! 14: .OP \-\-next\-update datetime
! 15: .OP \-\-lastcrl crl
! 16: .OP \-\-basecrl crl
! 17: .OP \-\-crluri uri
! 18: .OP \-\-digest digest
! 19: .OP \-\-rsa\-padding padding
! 20: .OP \fR[\fB\-\-reason\ \fIreason\fR]\ \fR[\fB\-\-date\ \fIts\fR]\ \fB\-\-cert\ \fIfile\fB|\-\-serial\ \fIhex\fR
! 21: .OP \-\-critical oid
! 22: .OP \-\-outform encoding
! 23: .OP \-\-debug level
! 24: .YS
! 25: .
! 26: .SY pki\ \-\-signcrl
! 27: .BI \-\-options\~ file
! 28: .YS
! 29: .
! 30: .SY "pki \-\-signcrl"
! 31: .B \-h
! 32: |
! 33: .B \-\-help
! 34: .YS
! 35: .
! 36: .SH "DESCRIPTION"
! 37: .
! 38: This sub-command of
! 39: .BR pki (1)
! 40: is used to issue a Certificate Revocation List (CRL) using a CA certificate and
! 41: private key.
! 42: .
! 43: .SH "OPTIONS"
! 44: .
! 45: .TP
! 46: .B "\-h, \-\-help"
! 47: Print usage information with a summary of the available options.
! 48: .TP
! 49: .BI "\-v, \-\-debug " level
! 50: Set debug level, default: 1.
! 51: .TP
! 52: .BI "\-+, \-\-options " file
! 53: Read command line options from \fIfile\fR.
! 54: .TP
! 55: .BI "\-k, \-\-cakey " file
! 56: CA private key file. Either this or
! 57: .B \-\-cakeyid
! 58: is required.
! 59: .TP
! 60: .BI "\-x, \-\-cakeyid " hex
! 61: Smartcard or TPM CA private key object handle in hex format with an optional
! 62: 0x prefix. Either this or
! 63: .B \-\-cakey
! 64: is required.
! 65: .TP
! 66: .BI "\-c, \-\-cacert " file
! 67: CA certificate file. Required.
! 68: .TP
! 69: .BI "\-l, \-\-lifetime " days
! 70: Days until the CRL gets a nextUpdate, default: 15. Ignored if both
! 71: an absolute start and end time are given.
! 72: .TP
! 73: .BI "\-F, \-\-this\-update " datetime
! 74: Absolute time when the validity of the CRL begins. The datetime format is
! 75: defined by the
! 76: .B \-\-dateform
! 77: option.
! 78: .TP
! 79: .BI "\-T, \-\-next\-update " datetime
! 80: Absolute time when the validity of the CRL ends. The datetime format is
! 81: defined by the
! 82: .B \-\-dateform
! 83: option.
! 84: .TP
! 85: .BI "\-D, \-\-dateform " form
! 86: strptime(3) format for the
! 87: .B \-\-this\-update
! 88: and
! 89: .B \-\-next\-update
! 90: options, default:
! 91: .B %d.%m.%y %T
! 92: .TP
! 93: .BI "\-a, \-\-lastcrl " crl
! 94: Previously issued CRL to copy the existing revocations from.
! 95: .TP
! 96: .BI "\-b, \-\-basecrl " crl
! 97: Base CRL to create a delta CRL for.
! 98: .TP
! 99: .BI "\-u, \-\-crluri " uri
! 100: Freshest delta CRL URI to include in CRL. Can be used multiple times.
! 101: .TP
! 102: .BI "\-g, \-\-digest " digest
! 103: Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
! 104: \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
! 105: determined based on the type and size of the signature key.
! 106: .TP
! 107: .BI "\-R, \-\-rsa\-padding " padding
! 108: Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
! 109: to \fIpkcs1\fR.
! 110: .TP
! 111: .BI "\-X, \-\-critical " oid
! 112: Add a critical extension with the given OID.
! 113: .TP
! 114: .BI "\-f, \-\-outform " encoding
! 115: Encoding of the created CRL. Either \fIder\fR (ASN.1 DER) or
! 116: \fIpem\fR (Base64 PEM), defaults to \fIder\fR.
! 117: .PP
! 118: .SS "Revoked Certificates"
! 119: Multiple revoked certificates can be added to the CRL by either providing the
! 120: certificate file or the respective serial number directly.
! 121: A reason and a timestamp can be configured for each revocation (they have to be
! 122: given before each certificate/serial on the command line).
! 123: .TP
! 124: .BI "\-r, \-\-reason " reason
! 125: The reason why the certificate was revoked. One of \fIkey\-compromise\fR,
! 126: \fIca\-compromise\fR, \fIaffiliation\-changed\fR, \fIsuperseded\fR,
! 127: \fIcessation\-of\-operation\fR, or \fIcertificate\-hold\fR.
! 128: .TP
! 129: .BI "\-d, \-\-date " ts
! 130: Revocation date as Unix timestamp. Defaults to the current time.
! 131: .TP
! 132: .BI "\-z, \-\-cert " file
! 133: Certificate file to revoke.
! 134: .TP
! 135: .BI "\-s, \-\-serial " hex
! 136: Hexadecimal encoded serial number of the certificate to revoke.
! 137: .
! 138: .SH "EXAMPLES"
! 139: .
! 140: Revoke a certificate:
! 141: .PP
! 142: .EX
! 143: pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
! 144: \-\-reason superseded \-\-cert cert.der > crl.der
! 145: .EE
! 146: .PP
! 147: Update an existing CRL with two new revocations, using the certificates' serial
! 148: numbers, but no reason:
! 149: .PP
! 150: .EX
! 151: pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
! 152: \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der
! 153: .EE
! 154: .PP
! 155: .SH "SEE ALSO"
! 156: .
! 157: .BR pki (1)
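
The ordering rule from "Revoked Certificates" (each --reason and --date must precede the --cert or --serial it applies to) is easy to get wrong when several revocations are batched. The script below is an added example, not part of the strongSwan sources: it builds the command line from a revocation list and rejects reasons outside the documented set. The input format, the function names and the strict hex check on serials are assumptions of this example; the file names are the ones used in EXAMPLES above.

```shell
#!/bin/sh
# Added example: assemble a `pki --signcrl` command from a revocation list.
# Assumed input format (this example's own): <serial-hex> <reason|-> <unix-ts|->

# Emit the arguments for one revocation. --reason and --date are placed
# before the --serial they apply to, as the man page requires.
revocation_args() {
    serial=$1 reason=$2 ts=$3 out=
    case $serial in
        ''|*[!0-9A-Fa-f]*) echo "bad serial: $serial" >&2; return 1 ;;
    esac
    case $reason in
        -) ;;                                   # no reason recorded
        key-compromise|ca-compromise|affiliation-changed) out="--reason $reason " ;;
        superseded|cessation-of-operation|certificate-hold) out="--reason $reason " ;;
        *) echo "bad reason: $reason" >&2; return 1 ;;
    esac
    case $ts in
        -) ;;                                   # pki defaults to the current time
        ''|*[!0-9]*) echo "bad timestamp: $ts" >&2; return 1 ;;
        *) out="$out--date $ts " ;;
    esac
    printf '%s--serial %s' "$out" "$serial"
}

# Read entries on stdin and print the full command; $1 is the previous CRL
# whose revocations are carried over via --lastcrl.
build_signcrl_cmd() {
    cmd="pki --signcrl --cacert ca_cert.der --cakey ca_key.der --lastcrl $1"
    while read -r serial reason ts; do
        [ -n "$serial" ] || continue            # skip blank lines
        args=$(revocation_args "$serial" "${reason:--}" "${ts:--}") || return 1
        cmd="$cmd $args"
    done
    printf '%s\n' "$cmd"
}

# Constructed sample entries (not taken from the page).
build_signcrl_cmd old_crl.der <<'EOF'
0123 key-compromise 1557100800
0345 - -
0a7f superseded
EOF
```

Review the printed command, then run it with standard output redirected to the new CRL file, as in the examples above.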