CA.pl man page on AIX

Man page or keyword search:  
man Server   4752 pages
apropos Keyword Search (all sections)
Output format
AIX logo
[printable version]

CA.PL(1)			    OpenSSL			      CA.PL(1)

NAME
       CA.pl - friendlier interface for OpenSSL certificate programs

SYNOPSIS
       CA.pl [-?]  [-h] [-help] [-newcert] [-newreq] [-newreq-nodes] [-newca]
       [-xsign] [-sign] [-signreq] [-signcert] [-verify] [files]

DESCRIPTION
       The CA.pl script is a perl script that supplies the relevant command
       line arguments to the openssl command for some common certificate oper‐
       ations.	It is intended to simplify the process of certificate creation
       and management by the use of some simple options.

COMMAND OPTIONS
       ?, -h, -help
	   prints a usage message.

       -newcert
	   creates a new self signed certificate. The private key and certifi‐
	   cate are written to the file "newreq.pem".

       -newreq
	   creates a new certificate request. The private key and request are
	   written to the file "newreq.pem".

       -newreq-nodes
	   is like -newreq except that the private key will not be encrypted.

       -newca
	   creates a new CA hierarchy for use with the ca program (or the
	   -signcert and -xsign options). The user is prompted to enter the
	   filename of the CA certificates (which should also contain the pri‐
	   vate key) or by hitting ENTER details of the CA will be prompted
	   for. The relevant files and directories are created in a directory
	   called "demoCA" in the current directory.

       -pkcs12
	   create a PKCS#12 file containing the user certificate, private key
	   and CA certificate. It expects the user certificate and private key
	   to be in the file "newcert.pem" and the CA certificate to be in the
	   file demoCA/cacert.pem, it creates a file "newcert.p12". This com‐
	   mand can thus be called after the -sign option. The PKCS#12 file
	   can be imported directly into a browser.  If there is an additional
	   argument on the command line it will be used as the "friendly name"
	   for the certificate (which is typically displayed in the browser
	   list box), otherwise the name "My Certificate" is used.

       -sign, -signreq, -xsign
	   calls the ca program to sign a certificate request. It expects the
	   request to be in the file "newreq.pem". The new certificate is
	   written to the file "newcert.pem" except in the case of the -xsign
	   option when it is written to standard output.

       -signCA
	   this option is the same as the -signreq option except it uses the
	   configuration file section v3_ca and so makes the signed request a
	   valid CA certificate. This is useful when creating intermediate CA
	   from a root CA.

       -signcert
	   this option is the same as -sign except it expects