crypto-utils/genkey.xml
jorton 582058ab4d - add configuration options for certwatch (#152990)
- allow passing options in certwatch.cron via $CERTWATCH_OPTS
- require openssl with /etc/pki/tls
2005-04-26 09:20:45 +00:00

116 lines
3.4 KiB
XML

<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry>
<refentryinfo>
<productname>crypto-utils</productname>
<date>April 2005</date>
</refentryinfo>
<refmeta>
<refentrytitle>genkey</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>genkey</refname>
<refpurpose>generate SSL certificates and certificate requests</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>genkey</command>
<arg><option>--test</option></arg>
<arg><option>--days <replaceable>count</replaceable></option></arg>
<group>
<arg><option>--genreq</option></arg>
<arg><option>--makeca</option></arg>
</group>
<arg choice="req"><replaceable>hostname</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>genkey</command> is an interactive command-line
tool which can be used to generate SSL certificates or Certificate
Signing Requests (CSR). Generated certificates are stored in the
directory <filename>/usr/share/ssl/certs/</filename>, and the
corresponding private key in
<filename>/usr/share/ssl/private/</filename>. </para>
<para><command>genkey</command> will prompt for the size of key
desired; whether or not to generate a CSR; whether or not an
encrypted private key is desired; the certificate subject DN
details.</para>
<para><command>genkey</command> generates random data for the
private key using the truerand library and also by prompting the
user for entry of random text.</para>
</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>--makceca</option></term>
<listitem><simpara>Generate a Certificate Authority
keypair.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--genreq</option></term>
<listitem><simpara>Generate a Certificate Signing Request for
an existing private key, which can be submitted to a CA (for
example, for renewal).</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--days</option> <replaceable>count</replaceable></term>
<listitem><simpara>When generating a self-signed certificate,
specify that the number of days for which the certificate is
valid be <replaceable>count</replaceable> rather than the default
value of 30.</simpara></listitem>
</varlistentry>
<varlistentry>
<term><option>--test</option></term>
<listitem><simpara>For test purposes only; omit the slow
process of generating random data.</simpara></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Examples</title>
<para>The following example will create a self-signed certificate
and private key for the hostname
<literal>www.example.com</literal>:
<programlisting>
# genkey --days 120 www.example.com
</programlisting>
</para>
</refsect1>
<refsect1>
<title>Files</title>
<para><filename>/etc/pki/tls/openssl.cnf</filename></para>
</refsect1>
<refsect1>
<title>See also</title>
<para>certwatch(8)</para>
</refsect1>
</refentry>