centos man page for strongimcv_pki---self

Centos Man Pages All Man Pages Latest Topics Forum Categories

Query: strongimcv_pki---self

OS: centos

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

PKI --SELF(1)							    strongSwan							     PKI --SELF(1)


NAME

       pki --self - Create a self-signed certificate


SYNOPSIS

       pki --self [--in file|--keyid hex] [--type t] --dn distinguished-name [--san subjectAltName] [--lifetime days] [--serial hex] [--flag flag]
		  [--digest digest] [--ca] [--ocsp uri] [--pathlen len] [--nc-permitted name] [--nc-excluded name] [--policy-mapping mapping]
		  [--policy-explicit len] [--policy-inhibit len] [--policy-any len] [--cert-policy oid [--cps-uri uri] [--user-notice text]]
		  [--outform encoding] [--debug level]

       pki --self --options file

       pki --self -h | --help


DESCRIPTION

       This sub-command of pki(1) is used to create a self-signed certificate.


OPTIONS

       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -i, --in file
	      Private key input file. If not given the key is read from STDIN.

       -x, --keyid hex
	      Key ID of a private key on a smartcard.

       -t, --type type
	      Type of the input key. Either rsa or ecdsa, defaults to rsa.

       -d, --dn distinguished-name
	      Subject and issuer distinguished name (DN). Required.

       -a, --san subjectAltName
	      subjectAltName extension to include in certificate. Can be used multiple times.

       -l, --lifetime days
	      Days the certificate is valid, default: 1095.

       -s, --serial hex
	      Serial number in hex. It is randomly allocated by default.

       -e, --flag flag
	      Add extendedKeyUsage flag. One of serverAuth, clientAuth, crlSign, or ocspSigning. Can be used multiple times.

       -g, --digest digest
	      Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. Defaults to sha1.

       -f, --outform encoding
	      Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

       -b, --ca
	      Include CA basicConstraint extension in certificate.

       -o, --ocsp uri
	      OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple times.

       -p, --pathlen len
	      Set path length constraint.

       -n, --nc-permitted name
	      Add permitted NameConstraint extension to certificate.

       -N, --nc-excluded name
	      Add excluded NameConstraint extension to certificate.

       -M, --policy-mapping issuer-oid:subject-oid
	      Add policyMapping from issuer to subject OID.

       -E, --policy-explicit len
	      Add requireExplicitPolicy constraint.

       -H, --policy-inhibit len
	      Add inhibitPolicyMapping constraint.

       -A, --policy-any len
	      Add inhibitAnyPolicy constraint.

   Certificate Policy
       Multiple certificatePolicy extensions can be added. Each with the following information:

       -P, --cert-policy oid
	      OID to include in certificatePolicy extension. Required.

       -C, --cps-uri uri
	      Certification Practice statement URI for certificatePolicy.

       -U, --user-notice text
	      User notice for certificatePolicy.


EXAMPLES

       Generate a self-signed certificate using the given RSA key:

	 pki --self --in key.der --dn "C=CH, O=strongSwan, CN=moon" 
	     --san moon.strongswan.org > cert.der


SEE ALSO

       pki(1)

5.1.1								    2013-07-31							     PKI --SELF(1)
Related Man Pages
hx509_ca_tbs_set_domaincontroller(3) - freebsd
strongimcv_pki---issue(8) - centos
strongimcv_pki---signcrl(1) - centos
strongimcv_pki(1) - centos
hx509_ca_sign(3) - freebsd
Similar Topics in the Unix Linux Community
san luns controller problem
mirror external scsi to san
ibm san cache battery with aix
wwpn of san on aix
EJBCA, J2EE PKI Certificate Authority: 3.8.1 released