crypto-utils/genkey.xml

<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [

<!ENTITY date SYSTEM "date.xml">
<!ENTITY version SYSTEM "version.xml">

]>

<refentry>

  <refentryinfo>
    <date>&date;</date>
    <title>Cryptography Utilities</title>
    <productname>crypto-utils</productname>
    <productnumber>&version;</productnumber>
  </refentryinfo>

  <refmeta>
    <refentrytitle>genkey</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>genkey</refname>
    <refpurpose>generate SSL certificates and certificate requests</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>genkey</command>
      <arg><option>--test</option></arg>
      <arg><option>--days <replaceable>count</replaceable></option></arg>
      <group>
        <arg><option>--genreq</option></arg>
        <arg><option>--makeca</option></arg>
      </group>
      <group>
        <arg><option>--nss</option></arg>
        <arg><option>--debug</option>
      </group>
      <arg choice="req"><replaceable>hostname</replaceable></arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>genkey</command> is an interactive command-line
    tool which can be used to generate SSL certificates or Certificate
    Signing Requests (CSR).  Generated certificates are stored in the
    directory <filename>/etc/pki/tls/certs/</filename>, and the
    corresponding private key in
    <filename>/etc/pki/tls/private/</filename>. If using mod_nss
    they are stored in the nss key and certficate databases. </para>

    <para><command>genkey</command> will prompt for the size of key
    desired; whether or not to generate a CSR; whether or not an
    encrypted private key is desired; the certificate subject DN
    details.</para>

    <para><command>genkey</command> generates random data for the
    private key using the truerand library and also by prompting the
    user for entry of random text.</para>

    <para><option>nss</option> indicates that mod_nss database 
    should be used to store keys and certificates.</para>

    <para><option>debug</option> set this flag to enable debug logs.</para>

  </refsect1>
  
  <refsect1>
    <title>Options</title>
    
    <variablelist>
      <varlistentry>
        <term><option>--makeca</option></term>
        <listitem><simpara>Generate a Certificate Authority
        keypair.</simpara></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--genreq</option></term>
        <listitem><simpara>Generate a Certificate Signing Request for
        an existing private key, which can be submitted to a CA (for
        example, for renewal).</simpara></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--days</option> <replaceable>count</replaceable></term>
        <listitem><simpara>When generating a self-signed certificate,
        specify that the number of days for which the certificate is
        valid be <replaceable>count</replaceable> rather than the default
        value of 30.</simpara></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--test</option></term>
        <listitem><simpara>For test purposes only; omit the slow
        process of generating random data.</simpara></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <para>The following example will create a self-signed certificate
    and private key for the hostname
    <literal>www.example.com</literal>:

      <programlisting>
        # genkey --days 120 www.example.com
      </programlisting>

    </para>
  </refsect1>    

  <refsect1>
    <title>Files</title>

    <para><filename>/etc/pki/tls/openssl.cnf</filename></para>

  </refsect1>

  <refsect1>
    <title>See also</title>

    <para>certwatch(1), keyrand(1)</para>
  </refsect1>

</refentry>

<!-- LocalWords:  keypair certwatch
-->