EJBCA, J2EE PKI Certificate Authority: 3.8.1 released

4 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Does vsftpd support user access with client certificate with priv/pub key + vsftpd certificate?

:rolleyes:I am trying to setup all certificate based client-server environment in Linux using vsftpd and curl with openssl. I would like to make a user access with vsftpd certificate and user own client certificate (self-signed) with private/public key. I don't see google posts about the my plan...

2. Programming

J2EE prerequisites

Hi guys, I'm going to start studding about J2EE in a couple of weeks. I have no idea about its technologies. what prerequisites do i need. I only know java and have basic knowledge about HTML. I have a solid knowledge on database. 1. Do i need java script or CSS knowledge for JSP and JSF? 2....

3. Solaris

PKI/CAC on Solaris 10 w/ Apache

I am looking for someone who has implemented CAC/PKI authentication on Apache 2.2.x and Solaris 10. Not Linux. I need to compare notes and my plan of attack.

4. Solaris

J2EE 1.4 on Solaris 8

Hi, I'm tryng to install the J2EE 1.4 on Solaris 8, but I'm getting an error message, saying I don't have enough space on the device....but I DO have...heres a df -k: I'm trying to install in /export/home....... Help??

LEARN ABOUT CENTOS

strongimcv_pki---issue

PKI --ISSUE(8)							    strongSwan							    PKI --ISSUE(8)

NAME

       pki --issue - Issue a certificate using a CA certificate and key

SYNOPSIS

       pki --issue [--in file] [--type type] --cakey file|--cakeyid hex --cacert file [--dn subject-dn] [--san subjectAltName] [--lifetime days]
		   [--serial hex] [--flag flag] [--digest digest] [--ca] [--crl uri [--crlissuer issuer]] [--ocsp uri] [--pathlen len] [--nc-
		   permitted name] [--nc-excluded name] [--policy-mapping mapping] [--policy-explicit len] [--policy-inhibit len]
		   [--policy-any len] [--cert-policy oid [--cps-uri uri] [--user-notice text]] [--outform encoding] [--debug level]

       pki --issue --options file

       pki --issue -h | --help

DESCRIPTION

       This sub-command of pki(1) is used to issue a certificate using a CA certificate and private key.

OPTIONS

       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -i, --in file
	      Public key or PKCS#10 certificate request file to issue. If not given the key/request is read from STDIN.

       -t, --type type
	      Type of the input. Either pub for a public key, or pkcs10 for a PKCS#10 certificate request, defaults to pub.

       -k, --cakey file
	      CA private key file. Either this or --cakeyid is required.

       -x, --cakeyid hex
	      Key ID of a CA private key on a smartcard. Either this or --cakey is required.

       -c, --cacert file
	      CA certificate file. Required.

       -d, --dn subject-dn
	      Subject distinguished name (DN) of the issued certificate.

       -a, --san subjectAltName
	      subjectAltName extension to include in certificate. Can be used multiple times.

       -l, --lifetime days
	      Days the certificate is valid, default: 1095.

       -s, --serial hex
	      Serial number in hex. It is randomly allocated by default.

       -e, --flag flag
	      Add extendedKeyUsage flag. One of serverAuth, clientAuth, crlSign, or ocspSigning. Can be used multiple times.

       -g, --digest digest
	      Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. Defaults to sha1.

       -f, --outform encoding
	      Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

       -b, --ca
	      Include CA basicConstraint extension in certificate.

       -u, --crl uri
	      CRL distribution point URI to include in certificate. Can be used multiple times.

       -I, --crlissuer issuer
	      Optional CRL issuer for the CRL at the preceding distribution point.

       -o, --ocsp uri
	      OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple times.

       -p, --pathlen len
	      Set path length constraint.

       -n, --nc-permitted name
	      Add permitted NameConstraint extension to certificate.

       -N, --nc-excluded name
	      Add excluded NameConstraint extension to certificate.

       -M, --policy-mapping issuer-oid:subject-oid
	      Add policyMapping from issuer to subject OID.

       -E, --policy-explicit len
	      Add requireExplicitPolicy constraint.

       -H, --policy-inhibit len
	      Add inhibitPolicyMapping constraint.

       -A, --policy-any len
	      Add inhibitAnyPolicy constraint.

   Certificate Policy
       Multiple certificatePolicy extensions can be added. Each with the following information:

       -P, --cert-policy oid
	      OID to include in certificatePolicy extension. Required.

       -C, --cps-uri uri
	      Certification Practice statement URI for certificatePolicy.

       -U, --user-notice text
	      User notice for certificatePolicy.

EXAMPLES

       To save repetitive typing, command line options can be stored in files.	Lets assume pki.opt contains the following contents:

	 --cacert ca_cert.der --cakey ca_key.der --digest sha256
	 --flag serverAuth --lifetime 1460 --type pkcs10

       Then the following command can be used to issue a certificate based on a given PKCS#10 certificate request and the options above:

	 pki --issue --options pki.opt --in req.der > cert.der

SEE ALSO

       pki(1)

5.1.1								    2013-08-12							    PKI --ISSUE(8)

Software Releases - RSS News