GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  PKI---ACERT (1)

NAME

pki --acert - Issue an attribute certificate

CONTENTS

SYNOPSIS

--issuerkey~file|--issuerkeyid~hex --issuercert~file --options~file -h | --help

DESCRIPTION

This sub-command of pki(1) is used to issue an attribute certificate using an issuer certificate with its private key and the holder certificate.

OPTIONS

-h, --help
  Print usage information with a summary of the available options.
-v, --debug level
  Set debug level, default: 1.
-+, --options file
  Read command line options from file.
-i, --in file
  Holder certificate to issue an attribute certificate for. If not given the certificate is read from STDIN.
-m, --group membership
  Group membership the attribute certificate shall certify. The specified group is included as a string. To include multiple groups, the option can be repeated.
-k, --issuerkey file
  Issuer private key file. Either this or --issuerkeyid is required.
-x, --issuerkeyid hex
  Key ID of a issuer private key on a smartcard. Either this or --issuerkey is required.
-c, --issuercert file
  Issuer certificate file. Required.
-l, --lifetime hours
  Hours the attribute certificate is valid, default: 24. Ignored if both an absolute start and end time are given.
-F, --not-before datetime
  Absolute time when the validity of the AC begins. The datetime format is defined by the --dateform option.
-T, --not-after datetime
  Absolute time when the validity of the AC ends. The datetime format is defined by the --dateform option.
-D, --dateform form
  strptime(3) format for the --not-before and --not-after options, default: %d.%m.%y %T
-s, --serial hex
  Serial number in hex. It is randomly allocated by default.
-g, --digest digest
  Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. The default is determined based on the type and size of the signature key.
-f, --outform encoding
  Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

EXAMPLES

To save repetitive typing, command line options can be stored in files. Lets assume acert.opt contains the following contents:

--issuercert aacert.der --issuerkey aakey.der --digest sha256 --lifetime 4

Then the following command can be used to issue an attribute certificate based on a holder certificate and the options above:

pki --acert --options acert.opt --in holder.der --group sales --group finance -f pem

SEE ALSO

pki(1)
Search for    or go to Top of page |  Section 1 |  Main Index


5.4.0 PKI --ACERT (1) 2014-02-05

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.