diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/CA.pl.1')
-rw-r--r-- | secure/usr.bin/openssl/man/CA.pl.1 | 74 |
1 files changed, 35 insertions, 39 deletions
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 6cdcd26..17db727 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:49:30 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,13 +126,12 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH CA.PL 1 "2005-02-25" "0.9.7d" "OpenSSL" .SH "NAME" -\&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs +CA.pl \- friendlier interface for OpenSSL certificate programs .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fB\s-1CA\s0.pl\fR @@ -150,7 +140,7 @@ [\fB\-help\fR] [\fB\-newcert\fR] [\fB\-newreq\fR] -[\fB\-newreq-nodes\fR] +[\fB\-newreq\-nodes\fR] [\fB\-newca\fR] [\fB\-xsign\fR] [\fB\-sign\fR] @@ -166,28 +156,28 @@ It is intended to simplify the process of certificate creation and management by the use of some simple options. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" -.Ip "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 +.IP "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 .IX Item "?, -h, -help" prints a usage message. -.Ip "\fB\-newcert\fR" 4 +.IP "\fB\-newcert\fR" 4 .IX Item "-newcert" creates a new self signed certificate. The private key and certificate are written to the file \*(L"newreq.pem\*(R". -.Ip "\fB\-newreq\fR" 4 +.IP "\fB\-newreq\fR" 4 .IX Item "-newreq" creates a new certificate request. The private key and request are written to the file \*(L"newreq.pem\*(R". -.Ip "\fB\-newreq-nowdes\fR" 4 +.IP "\fB\-newreq\-nowdes\fR" 4 .IX Item "-newreq-nowdes" is like \fB\-newreq\fR except that the private key will not be encrypted. -.Ip "\fB\-newca\fR" 4 +.IP "\fB\-newca\fR" 4 .IX Item "-newca" creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 details of the \s-1CA\s0 will be prompted for. The relevant files and directories are created in a directory called \*(L"demoCA\*(R" in the current directory. -.Ip "\fB\-pkcs12\fR" 4 +.IP "\fB\-pkcs12\fR" 4 .IX Item "-pkcs12" create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 certificate. It expects the user certificate and private key to be in the @@ -197,26 +187,26 @@ it creates a file \*(L"newcert.p12\*(R". This command can thus be called after t If there is an additional argument on the command line it will be used as the \&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser list box), otherwise the name \*(L"My Certificate\*(R" is used. -.Ip "\fB\-sign\fR, \fB\-signreq\fR, \fB\-xsign\fR" 4 +.IP "\fB\-sign\fR, \fB\-signreq\fR, \fB\-xsign\fR" 4 .IX Item "-sign, -signreq, -xsign" calls the \fBca\fR program to sign a certificate request. It expects the request to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the file \&\*(L"newcert.pem\*(R" except in the case of the \fB\-xsign\fR option when it is written to standard output. -.Ip "\fB\-signCA\fR" 4 +.IP "\fB\-signCA\fR" 4 .IX Item "-signCA" this option is the same as the \fB\-signreq\fR option except it uses the configuration file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0. -.Ip "\fB\-signcert\fR" 4 +.IP "\fB\-signcert\fR" 4 .IX Item "-signcert" this option is the same as \fB\-sign\fR except it expects a self signed certificate to be present in the file \*(L"newreq.pem\*(R". -.Ip "\fB\-verify\fR" 4 +.IP "\fB\-verify\fR" 4 .IX Item "-verify" verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R". -.Ip "\fBfiles\fR" 4 +.IP "\fBfiles\fR" 4 .IX Item "files" one or more optional certificate file names for use with the \fB\-verify\fR command. .SH "EXAMPLES" @@ -226,6 +216,7 @@ Create a \s-1CA\s0 hierarchy: .Vb 1 \& CA.pl -newca .Ve +.PP Complete certificate creation example: create a \s-1CA\s0, create a request, sign the request and finally create a PKCS#12 file containing it. .PP @@ -238,7 +229,7 @@ the request and finally create a PKCS#12 file containing it. .SH "DSA CERTIFICATES" .IX Header "DSA CERTIFICATES" Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to -use it with \s-1DSA\s0 certificates and requests using the req(1) command +use it with \s-1DSA\s0 certificates and requests using the \fIreq\fR\|(1) command directly. The following example shows the steps that would typically be taken. .PP Create some \s-1DSA\s0 parameters: @@ -246,16 +237,19 @@ Create some \s-1DSA\s0 parameters: .Vb 1 \& openssl dsaparam -out dsap.pem 1024 .Ve +.PP Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: .PP .Vb 1 \& openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem .Ve +.PP Create the \s-1CA\s0 directories and files: .PP .Vb 1 \& CA.pl -newca .Ve +.PP enter cacert.pem when prompted for the \s-1CA\s0 file name. .PP Create a \s-1DSA\s0 certificate request and private key (a different set of parameters @@ -264,6 +258,7 @@ can optionally be created first): .Vb 1 \& openssl req -out newreq.pem -newkey dsa:dsap.pem .Ve +.PP Sign the request: .PP .Vb 1 @@ -285,6 +280,7 @@ be wrong. In this case the command: .Vb 1 \& perl -S CA.pl .Ve +.PP can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to the correct path of the configuration file \*(L"openssl.cnf\*(R". .PP @@ -298,5 +294,5 @@ file location to be specified, it should contain the full path to the configuration file, not just its directory. .SH "SEE ALSO" .IX Header "SEE ALSO" -x509(1), ca(1), req(1), pkcs12(1), -config(5) +\&\fIx509\fR\|(1), \fIca\fR\|(1), \fIreq\fR\|(1), \fIpkcs12\fR\|(1), +\&\fIconfig\fR\|(5) |