certtool man page on FreeBSD

Man page or keyword search:  
man Server   9747 pages
apropos Keyword Search (all sections)
Output format
FreeBSD logo
[printable version]

certtool(1)							   certtool(1)

NAME
       certtool - Manipulate certificates and keys.

SYNOPSIS
       certtool [options]

DESCRIPTION
       Generate X.509 certificates, certificate requests, and private keys.

OPTIONS
   Program control options
       -d, --debug LEVEL
	      Specify the debug level. Default is 1.

       -h, --help
	      Shows this help text

       -v, --version
	      Shows the program's version

   Getting information on X.509 certificates
       -i, --certificate-info
	      Print information on a certificate.

       -k, --key-info
	      Print information on a private key.

       -l, --crl-info
	      Print information on a CRL.

       --p12-info
	      Print information on a PKCS #12 structure.

   Getting information on Openpgp certificates
       --pgp--certificate-info
	      Print information on an OpenPGP certificate.

       --pgp--key-info
	      Print information on an OpenPGP private key.

       --pgp--ring-info
	      Print information on a keyring.

   Generating/verifying X.509 certificates/keys
       -c, --generate-certificate
	      Generate a signed certificate.

       -e, --verify-chain
	      Verify a PEM encoded certificate chain.  The last certificate in
	      the chain must be a self signed one.

       --generate-dh-params
	      Generate PKCS #3 encoded Diffie-Hellman parameters.

       --load-ca-certificate FILE
	      Certificate authority's certificate file to use.

       --load-ca-privkey FILE
	      Certificate authority's private key file to use.

       --load-certificate FILE
	      Certificate file to use.

       --load-privkey FILE
	      Private key file to use.

       --load-request FILE
	      Certificate request file to use.

       -p, --generate-privkey
	      Generate a private key.

       -q, --generate-request
	      Generate a PKCS #10 certificate request.

       -s, --generate-self-signed
	      Generate a self-signed certificate.

       -u, --update-certificate
	      Update a signed certificate.

   Controlling output
       -8, --pkcs8
	      Use PKCS #8 format for private keys.

       --dsa  Generate a DSA key.

       --bits BITS
	      Specify the number of bits for key generation.

       --export-ciphers
	      Use weak encryption algorithms.

       --inraw
	      Use RAW/DER format for input certificates and private keys.

       --infile FILE
	      Input file.

       --outraw
	      Use RAW/DER format for output certificates and private keys.

       --outfile FILE
	      Output file.

       --password PASSWORD
	      Password to use.

       --to-p12
	      Generate a PKCS #12 structure.

       --template
	      Use a template file to read input. See the  doc/certtool.cfg  in
	      the distribution, for an example.

       --fix-key
	      Some   previous  versions	 of  certtool  generated  wrongly  the
	      optional parameters in a private key. This may  affect  programs
	      that used them. To fix an old private key use --key-info in com‐
	      bination with this parameter.

       --v1   When generating a certificate use the X.509  version  1  format.
	      This  does  not add any extensions (such as indication for a CA)
	      but some programs do need these.

EXAMPLES
       To create a private key, run:

	      $ certtool --generate-privkey --outfile key.pem

       To create a certificate request (needed when the certificate is	issued
       by another party), run:

	      $ certtool --generate-request --load-privkey key.pem \
		 --outfile request.pem

       To generate a certificate using the previous request, use the command:

	      $ certtool --generate-certificate --load-request request.pem \
		 --outfile cert.pem --load-ca-certificate ca-cert.pem \
		 --load-ca-privkey ca-key.pem

       To generate a certificate using the private key only, use the command:

	      $ certtool --generate-certificate --load-privkey key.pem \
		 --outfile cert.pem --load-ca-certificate ca-cert.pem \
		 --load-ca-privkey ca-key.pem

       To view the certificate information, use:

	      $ certtool --certificate-info --infile cert.pem

       To  generate  a	PKCS #12 structure using the previous key and certifi‐
       cate, use the command:

	      $ certtool --load-certificate cert.pem --load-privkey key.pem \
		 --to-p12 --outder --outfile key.p12

AUTHOR
       Nikos	Mavroyanopoulos	   <nmav@gnutls.org>	and    others;	   see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

       This  manual  page  was written by Ivo Timmermans <ivo@debian.org>, for
       the Debian GNU/Linux system (but may be used by others).

				 May 23rd 2005			   certtool(1)
[top]

List of man pages available for FreeBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
...................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net