CA.pl.1 (206048) CA.pl.1 (215698)
1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37
1.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
2.\"
3.\" Standard preamble:
4.\" ========================================================================
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
13.de Sp \" Vertical space (when we can't use .PP)
14.if t .sp .5v
15.if n .sp
16..
17.de Vb \" Begin verbatim text
18.ft CW
19.nf
20.ne \\$1
21..
22.de Ve \" End verbatim text
23.ft R
24.fi
25..
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
5.de Sp \" Vertical space (when we can't use .PP)
6.if t .sp .5v
7.if n .sp
8..
9.de Vb \" Begin verbatim text
10.ft CW
11.nf
12.ne \\$1
13..
14.de Ve \" End verbatim text
15.ft R
16.fi
17..
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
28.\" double quote, and \*(R" will give a right double quote. | will give a
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31.\" expand to `' in nroff, nothing in troff, for use with C<>.
32.tr \(*W-|\(bv\*(Tr
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
34.ie n \{\
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
43'br\}
44.el\{\
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
49'br\}
50.\"
25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
26.ie n \{\
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
35'br\}
36.el\{\
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
41'br\}
42.\"
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for
47.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion.
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
55.if \nF \{\
51.ie \nF \{\
56. de IX
57. tm Index:\\$1\t\\n%\t"\\$2"
58..
59. nr % 0
60. rr F
61.\}
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
54..
55. nr % 0
56. rr F
57.\}
58.el \{\
59. de IX
60..
61.\}
62.\"
62.\"
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
64.\" way too many mistakes in technical documents.
65.hy 0
66.if n .na
67.\"
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff
71.if n \{\
72. ds #H 0
73. ds #V .8m
74. ds #F .3m
75. ds #[ \f1

--- 48 unchanged lines hidden (view full) ---

124. ds Th \o'LP'
125. ds ae ae
126. ds Ae AE
127.\}
128.rm #[ #] #H #V #F C
129.\" ========================================================================
130.\"
131.IX Title "CA.PL 1"
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
66.if n \{\
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1

--- 48 unchanged lines hidden (view full) ---

119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
122.\}
123.rm #[ #] #H #V #F C
124.\" ========================================================================
125.\"
126.IX Title "CA.PL 1"
132.TH CA.PL 1 "2010-03-24" "0.9.8n" "OpenSSL"
127.TH CA.PL 1 "2010-11-16" "0.9.8p" "OpenSSL"
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
133.SH "NAME"
134CA.pl \- friendlier interface for OpenSSL certificate programs
135.SH "SYNOPSIS"
136.IX Header "SYNOPSIS"
137\&\fB\s-1CA\s0.pl\fR
138[\fB\-?\fR]
139[\fB\-h\fR]
140[\fB\-help\fR]

--- 59 unchanged lines hidden (view full) ---

200is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0.
201.IP "\fB\-signcert\fR" 4
202.IX Item "-signcert"
203this option is the same as \fB\-sign\fR except it expects a self signed certificate
204to be present in the file \*(L"newreq.pem\*(R".
205.IP "\fB\-verify\fR" 4
206.IX Item "-verify"
207verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates
132.SH "NAME"
133CA.pl \- friendlier interface for OpenSSL certificate programs
134.SH "SYNOPSIS"
135.IX Header "SYNOPSIS"
136\&\fB\s-1CA\s0.pl\fR
137[\fB\-?\fR]
138[\fB\-h\fR]
139[\fB\-help\fR]

--- 59 unchanged lines hidden (view full) ---

199is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0.
200.IP "\fB\-signcert\fR" 4
201.IX Item "-signcert"
202this option is the same as \fB\-sign\fR except it expects a self signed certificate
203to be present in the file \*(L"newreq.pem\*(R".
204.IP "\fB\-verify\fR" 4
205.IX Item "-verify"
206verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates
208are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R".
207are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R".
209.IP "\fBfiles\fR" 4
210.IX Item "files"
211one or more optional certificate file names for use with the \fB\-verify\fR command.
212.SH "EXAMPLES"
213.IX Header "EXAMPLES"
214Create a \s-1CA\s0 hierarchy:
215.PP
216.Vb 1
208.IP "\fBfiles\fR" 4
209.IX Item "files"
210one or more optional certificate file names for use with the \fB\-verify\fR command.
211.SH "EXAMPLES"
212.IX Header "EXAMPLES"
213Create a \s-1CA\s0 hierarchy:
214.PP
215.Vb 1
217\& CA.pl -newca
216\& CA.pl \-newca
218.Ve
219.PP
220Complete certificate creation example: create a \s-1CA\s0, create a request, sign
221the request and finally create a PKCS#12 file containing it.
222.PP
223.Vb 4
217.Ve
218.PP
219Complete certificate creation example: create a \s-1CA\s0, create a request, sign
220the request and finally create a PKCS#12 file containing it.
221.PP
222.Vb 4
224\& CA.pl -newca
225\& CA.pl -newreq
226\& CA.pl -signreq
227\& CA.pl -pkcs12 "My Test Certificate"
223\& CA.pl \-newca
224\& CA.pl \-newreq
225\& CA.pl \-signreq
226\& CA.pl \-pkcs12 "My Test Certificate"
228.Ve
229.SH "DSA CERTIFICATES"
230.IX Header "DSA CERTIFICATES"
231Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to
232use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command
233directly. The following example shows the steps that would typically be taken.
234.PP
235Create some \s-1DSA\s0 parameters:
236.PP
237.Vb 1
227.Ve
228.SH "DSA CERTIFICATES"
229.IX Header "DSA CERTIFICATES"
230Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to
231use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command
232directly. The following example shows the steps that would typically be taken.
233.PP
234Create some \s-1DSA\s0 parameters:
235.PP
236.Vb 1
238\& openssl dsaparam -out dsap.pem 1024
237\& openssl dsaparam \-out dsap.pem 1024
239.Ve
240.PP
241Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key:
242.PP
243.Vb 1
238.Ve
239.PP
240Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key:
241.PP
242.Vb 1
244\& openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
243\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem
245.Ve
246.PP
247Create the \s-1CA\s0 directories and files:
248.PP
249.Vb 1
244.Ve
245.PP
246Create the \s-1CA\s0 directories and files:
247.PP
248.Vb 1
250\& CA.pl -newca
249\& CA.pl \-newca
251.Ve
252.PP
253enter cacert.pem when prompted for the \s-1CA\s0 file name.
254.PP
255Create a \s-1DSA\s0 certificate request and private key (a different set of parameters
256can optionally be created first):
257.PP
258.Vb 1
250.Ve
251.PP
252enter cacert.pem when prompted for the \s-1CA\s0 file name.
253.PP
254Create a \s-1DSA\s0 certificate request and private key (a different set of parameters
255can optionally be created first):
256.PP
257.Vb 1
259\& openssl req -out newreq.pem -newkey dsa:dsap.pem
258\& openssl req \-out newreq.pem \-newkey dsa:dsap.pem
260.Ve
261.PP
262Sign the request:
263.PP
264.Vb 1
259.Ve
260.PP
261Sign the request:
262.PP
263.Vb 1
265\& CA.pl -signreq
264\& CA.pl \-signreq
266.Ve
267.SH "NOTES"
268.IX Header "NOTES"
269Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script.
270.PP
271If the demoCA directory already exists then the \fB\-newca\fR command will not
272overwrite it and will do nothing. This can happen if a previous call using
273the \fB\-newca\fR option terminated abnormally. To get the correct behaviour
274delete the demoCA directory if it already exists.
275.PP
276Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script
277directly (for example Win32) and the default configuration file location may
278be wrong. In this case the command:
279.PP
280.Vb 1
265.Ve
266.SH "NOTES"
267.IX Header "NOTES"
268Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script.
269.PP
270If the demoCA directory already exists then the \fB\-newca\fR command will not
271overwrite it and will do nothing. This can happen if a previous call using
272the \fB\-newca\fR option terminated abnormally. To get the correct behaviour
273delete the demoCA directory if it already exists.
274.PP
275Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script
276directly (for example Win32) and the default configuration file location may
277be wrong. In this case the command:
278.PP
279.Vb 1
281\& perl -S CA.pl
280\& perl \-S CA.pl
282.Ve
283.PP
284can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to
285the correct path of the configuration file \*(L"openssl.cnf\*(R".
286.PP
287The script is intended as a simple front end for the \fBopenssl\fR program for use
288by a beginner. Its behaviour isn't always what is wanted. For more control over the
289behaviour of the certificate commands call the \fBopenssl\fR command directly.
290.SH "ENVIRONMENT VARIABLES"
291.IX Header "ENVIRONMENT VARIABLES"
292The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration
293file location to be specified, it should contain the full path to the
294configuration file, not just its directory.
295.SH "SEE ALSO"
296.IX Header "SEE ALSO"
297\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1),
298\&\fIconfig\fR\|(5)
281.Ve
282.PP
283can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to
284the correct path of the configuration file \*(L"openssl.cnf\*(R".
285.PP
286The script is intended as a simple front end for the \fBopenssl\fR program for use
287by a beginner. Its behaviour isn't always what is wanted. For more control over the
288behaviour of the certificate commands call the \fBopenssl\fR command directly.
289.SH "ENVIRONMENT VARIABLES"
290.IX Header "ENVIRONMENT VARIABLES"
291The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration
292file location to be specified, it should contain the full path to the
293configuration file, not just its directory.
294.SH "SEE ALSO"
295.IX Header "SEE ALSO"
296\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1),
297\&\fIconfig\fR\|(5)