CA.pl man page on AIX
CA.PL(1) OpenSSL CA.PL(1)
CA.pl - friendlier interface for OpenSSL certificate programs
CA.pl [-?] [-h] [-help] [-newcert] [-newreq] [-newreq-nodes] [-newca]
[-xsign] [-sign] [-signreq] [-signcert] [-verify] [files]
The CA.pl script is a perl script that supplies the relevant command
line arguments to the openssl command for some common certificate oper‐
ations. It is intended to simplify the process of certificate creation
and management by the use of some simple options.
?, -h, -help
prints a usage message.
creates a new self signed certificate. The private key and certifi‐
cate are written to the file "newreq.pem".
creates a new certificate request. The private key and request are
written to the file "newreq.pem".
is like -newreq except that the private key will not be encrypted.
creates a new CA hierarchy for use with the ca program (or the
-signcert and -xsign options). The user is prompted to enter the
filename of the CA certificates (which should also contain the pri‐
vate key) or by hitting ENTER details of the CA will be prompted
for. The relevant files and directories are created in a directory
called "demoCA" in the current directory.
create a PKCS#12 file containing the user certificate, private key
and CA certificate. It expects the user certificate and private key
to be in the file "newcert.pem" and the CA certificate to be in the
file demoCA/cacert.pem, it creates a file "newcert.p12". This com‐
mand can thus be called after the -sign option. The PKCS#12 file
can be imported directly into a browser. If there is an additional
argument on the command line it will be used as the "friendly name"
for the certificate (which is typically displayed in the browser
list box), otherwise the name "My Certificate" is used.
-sign, -signreq, -xsign
calls the ca program to sign a certificate request. It expects the
request to be in the file "newreq.pem". The new certificate is
written to the file "newcert.pem" except in the case of the -xsign
option when it is written to standard output.
this option is the same as the -signreq option except it uses the
configuration file section v3_ca and so makes the signed request a
valid CA certificate. This is useful when creating intermediate CA
from a root CA.
this option is the same as -sign except it expects