certtool man page on FreeBSD

Man page or keyword search:  
man Server   9747 pages
apropos Keyword Search (all sections)
Output format
FreeBSD logo
[printable version]

certtool(1)							   certtool(1)

       certtool - Manipulate certificates and keys.

       certtool [options]

       Generate X.509 certificates, certificate requests, and private keys.

   Program control options
       -d, --debug LEVEL
	      Specify the debug level. Default is 1.

       -h, --help
	      Shows this help text

       -v, --version
	      Shows the program's version

   Getting information on X.509 certificates
       -i, --certificate-info
	      Print information on a certificate.

       -k, --key-info
	      Print information on a private key.

       -l, --crl-info
	      Print information on a CRL.

	      Print information on a PKCS #12 structure.

   Getting information on Openpgp certificates
	      Print information on an OpenPGP certificate.

	      Print information on an OpenPGP private key.

	      Print information on a keyring.

   Generating/verifying X.509 certificates/keys
       -c, --generate-certificate
	      Generate a signed certificate.

       -e, --verify-chain
	      Verify a PEM encoded certificate chain.  The last certificate in
	      the chain must be a self signed one.

	      Generate PKCS #3 encoded Diffie-Hellman parameters.

       --load-ca-certificate FILE
	      Certificate authority's certificate file to use.

       --load-ca-privkey FILE
	      Certificate authority's private key file to use.

       --load-certificate FILE
	      Certificate file to use.

       --load-privkey FILE
	      Private key file to use.

       --load-request FILE
	      Certificate request file to use.

       -p, --generate-privkey
	      Generate a private key.

       -q, --generate-request
	      Generate a PKCS #10 certificate request.

       -s, --generate-self-signed
	      Generate a self-signed certificate.

       -u, --update-certificate
	      Update a signed certificate.

   Controlling output
       -8, --pkcs8
	      Use PKCS #8 format for private keys.

       --dsa  Generate a DSA key.

       --bits BITS
	      Specify the number of bits for key generation.

	      Use weak encryption algorithms.

	      Use RAW/DER format for input certificates and private keys.

       --infile FILE
	      Input file.

	      Use RAW/DER format for output certificates and private keys.

       --outfile FILE
	      Output file.

       --password PASSWORD
	      Password to use.

	      Generate a PKCS #12 structure.

	      Use a template file to read input. See the  doc/certtool.cfg  in
	      the distribution, for an example.

	      Some   previous  versions	 of  certtool  generated  wrongly  the
	      optional parameters in a private key. This may  affect  programs
	      that used them. To fix an old private key use --key-info in com‐
	      bination with this parameter.

       --v1   When generating a certificate use the X.509  version  1  format.
	      This  does  not add any extensions (such as indication for a CA)
	      but some programs do need these.

       To create a private key, run:

	      $ certtool --generate-privkey --outfile key.pem

       To create a certificate request (needed when the certificate is	issued
       by another party), run:

	      $ certtool --generate-request --load-privkey key.pem \
		 --outfile request.pem

       To generate a certificate using the previous request, use the command:

	      $ certtool --generate-certificate --load-request request.pem \
		 --outfile cert.pem --load-ca-certificate ca-cert.pem \
		 --load-ca-privkey ca-key.pem

       To generate a certificate using the private key only, use the command:

	      $ certtool --generate-certificate --load-privkey key.pem \
		 --outfile cert.pem --load-ca-certificate ca-cert.pem \
		 --load-ca-privkey ca-key.pem

       To view the certificate information, use:

	      $ certtool --certificate-info --infile cert.pem

       To  generate  a	PKCS #12 structure using the previous key and certifi‐
       cate, use the command:

	      $ certtool --load-certificate cert.pem --load-privkey key.pem \
		 --to-p12 --outder --outfile key.p12

       Nikos	Mavroyanopoulos	   <nmav@gnutls.org>	and    others;	   see
       /usr/share/doc/gnutls-bin/AUTHORS for a complete list.

       This  manual  page  was written by Ivo Timmermans <ivo@debian.org>, for
       the Debian GNU/Linux system (but may be used by others).

				 May 23rd 2005			   certtool(1)

List of man pages available for FreeBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net