ultrix man page for makecert

Ultrix Man Pages All Man Pages Latest Topics Forum Categories

Query: makecert

OS: ultrix

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

Mono(MakeCert)															    Mono(MakeCert)


NAME

       MakeCert - Create X.509 certificates for test purposes


SYNOPSIS

       makecert [options] certificate


DESCRIPTION

       Create  an  X.509 certificate using the provided informations. This is useful for testing Authenticode signatures, SSL and S/MIME technolo-
       gies.


PARAMETERS

       -# num Specify the certificate serial number.

       -n dn  Specify the subject Distinguished Name (DN).

       -in dn Specify the issuer Distinguished Name (DN).

       -r     Create a self-signed, also called root, certificate.

       -iv pvkfile
	      Specify the private key file (.PVK) for the issuer. The private key in the specified file will be used to sign the new certificate.

       -ic certfile
	      Extract the issuer's name from the specified certificate file - i.e. the subject name  of  the  specified  certificate  becomes  the
	      issuer name of the new certificate.

       -in name
	      Use the issuer's name from the specified parameter.

       -ik container
	      Specify the key container name to be used for the issuer.

       -iky [signature | exchange | #]
	      Specify the key number to be used in the provider (when used with -ik).

       -ip provider
	      Specify the cryptographic provider to be used for the issuer.

       -ir [localmachine | currentuser]
	      Specify the provider will search the user or the machine keys containers for the issuer.

       -iy number
	      Specify the provider type to be used for the issuer.

       -sv pkvfile
	      Specify  the  private  key file (.PVK) for the subject. The public part of the key will be inserted into the created certificate. If
	      non-existant the specified file will be created with a new key pair (default to 1024 bits RSA key pair).

       -sk container
	      Specify the key container name to be used for the subject.

       -sky [signature | exchange | #]
	      Specify the key number to be used in the provider (when used with -sk).

       -sp provider
	      Specify the cryptographic provider to be used for the subject.

       -sr [localmachine | currentuser]
	      Specify the provider will search the user or the machine keys containers for the subject.

       -sy number
	      Specify the provider type to be used for the issuer.

       -a hash
	      Select hash algorithm. Only MD5 and SHA1 algorithms are supported.

       -b date
	      The date since when the certificate is valid (notBefore).

       -e date
	      The date until when the certificate is valid (notAfter).

       -m number
	      Specify the certificate validity period in months. This is added to the notBefore validity date which can be set	with  -b  or  will
	      default to the current date/time.

       -cy [authority|end]
	      Basic  constraints.  Select  Authority or End-Entity certificate. Only Authority certificates can be used to sign other certificates
	      (-ic). End-Entity can be used by clients (e.g. Authenticode, S/MIME) or servers (e.g. SSL).

       -h number
	      Add a path length restriction to the certificate chain. This is only applicable for certificates that have  BasicConstraint  set	to
	      Authority (-cy authority). This is used to limit the chain of certificates than can be issued under this authority.

       -eku oid[,oid]
	      Add some extended key usage OID to the certificate.

       -p12 pkcs12file password
	      Create  a new PKCS#12 file containing both the certificates (the subject and possibly the issuer's) and the private key. The PKCS#12
	      file is protected with the specified password. This option is mono exclusive.

       -?     Help (display this help message)

       -!     Extended help (for advanced options)


EXAMPLES

       To create a SSL test (i.e. non trusted) certificate is easy once your know your host's name. The following command will create a test  cer-
       tificate for an SSL server:
	    $ hostname
	    pollux

	    $ makecert -r -eku 1.3.6.1.5.5.7.3.1 -n "CN=pollux" -sv pollux.pvk pollux.cer
	    Success

       In particular in the above example, the parameters used to build this test certificate were:

       -r     Create a self-signed certificate (i.e. without an hierarchy).

       -eku 1.3.6.1.5.5.7.3.1
	      Optional (as sadly most client don't require it). This indicates that your certificate is intended for server-side authentication.

       -n     Common  Name  (CN)  =  Host name. This is verified the SSL client and must match the connected host (or else you'll get a warning or
	      error or *gasp* nothing).

       -sv private.key
	      The private key file. The key (1024 bits RSA key pair) will be automatically generated if the specified file isn't present.

       pollux.cer
	      The SSL certificate to be created for your host.


KNOWN RESTRICTIONS

       Compared to the Windows version some options aren't supported (-$, -d, -l, -nscp, -is, -sc, -ss). Also PVK files with passwords aren't sup-
       ported.


AUTHOR

       Written by Sebastien Pouliot


COPYRIGHT

       Copyright (C) 2003 Motus Technologies.  Copyright (C) 2004-2005 Novell.	Released under BSD license.


MAILING LISTS

       Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.


WEB SITE

       Visit http://www.mono-project.com for details


SEE ALSO

       signcode(1)

																    Mono(MakeCert)
Related Man Pages
makecert(1) - suse
makecert(1) - x11r4
makecert(1) - xfree86
makecert(1) - redhat
makecert(1) - opensolaris