GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  SSL-ADMIN (1)

NAME

ssl-admin - OpenSSL Certificate Manager

CONTENTS

Synopsis
Description
Core Functions
Directories
Menu Options
Notes
Bugs
Files
Author

SYNOPSIS

ssl-admin

DESCRIPTION

ssl-admin is a menu-driven tool designed to simplify the management and distriibution of SSL certificates. ssl-admin was originally written to manage SSL certificates for use with OpenVPN. This functionality has not been removed.

CORE FUNCTIONS

There are a number of core operations within ssl-admin, often times mutually exlusive of one another. For example, you cannot generate a new CA certificate and generate a client certificate all at once.

--new-ca
  This command will generate a new root certificate and key pair and store the new files in work-dir. If you add the optional --clean argument, you will wipe out the existing certificate store.

--int-ca
  This command will generate an intermediate CA certficate which can be used for signing sub keys, etc.

--client-cert, --ccert
  This will generate a client signing request, certificate, and key.

--server-cert, --scert
  This will generate a client signing request, certificate, and key, with server extensions enabled.

--dh, --diffie-hellman
  Generates the Diffie-Hellman prime.

--revoke
  Used to revoke a certificate in the store.

--crl-list
  This outputs a list of revoked certificates.

DIRECTORIES

There are a number of directories within /usr/local/etc/ssl-admin/ which contain the working and datafiles.
ACTIVE (/usr/local/etc/ssl-admin/active)
  The active directory contains certificates that have not been revoked. The only keys that are REQUIRED to be present are ca.crt and ca.key.

CSR (/usr/local/etc/ssl-admin/csr)
  The csr directory contains certificate signing requests and keys for those keys which have been created using ssl-admin. If you need to sign a certificate signing request generated elsewhere, place the .csr here. The key files are not required to be present.

PACKAGES (/usr/local/etc/ssl-admin/packages)
  The packages directory contains any zipped packages you’ve built with ssl-admin. Packages are generally used to distribute signed certificates to end users.

PROG (/usr/local/etc/ssl-admin/prog)
  The prog directory contains all the data files used by ssl-admin. DO NOT EDIT OR MODIFY THE FILES IN THIS DIRECTORY unless you know exactly what you are doing. If you are running OpenVPN, you may point your OpenVPN crl-verify config option to /usr/local/etc/ssl-admin/prog/crl.pem.

REVOKED (/usr/local/etc/ssl-admin/revoked)
  The revoked directory contains certificates and keys for those certificates that have been revoked within ssl-admin.

MENU OPTIONS

UPDATE RUN-TIME OPTIONS
  Allows the user to update key duration in days, desired key size, and whether to enable intermediate CA signing.

CREATE NEW CERTIFICATE REQUEST
  Creates a CSR, or Certificate Signing Request. Useful when the user needs to send such to a third-party certificate authority.

SIGN A CERTIFICATE REQUEST
  Signs a submitted Certificate Signing Request. This can either be created using option 2 or one that has been submitted to the user from an alternate source.

PERFORM A ONE-STEP REQUEST/SIGN
  In some scenarios, such as OpenVPN installations, the administrator will provide both the certificate and key. Both elements are needed to create in-line certificates.

REVOKE A CERTIFICATE
  This revokes a previously signed certificate. This does absolutely zero good unless you are using and distributing the certificate revokation list!!!

RENEW/RE-SIGN A PAST CERTIFICATE REQUEST
 

VIEW CURRENT CRL
  Allows you to view/inspect the current Certificate Revokation List

VIEW INDEX INFORMATION
  Allows you to inspect the current OpenSSL CA index file.

GENERATE A USER CONFIG WITH IN-LINE CERTIFICATES AND KEYS
  Given a standard, non-inline OpenVPN configuration file, this option will replace certificate and key file name arguments with their in-line counter parts. The end result is a single <cn>.ovpn file which contains all of the cryptographic keys and certificates, embedded within the OpenVPN configuration.

ZIP/PACKAGE END-USER FILES
  As an alternative to the in-line config, above, this option will create a zip file for the given common name that includes that CN certificate, key, the CA certificate, and the OpenVPN configuration. This file is then left in the packages directory for distribution to the end user.

GENERATE DIFFIE-HELLMAN
  This generated the Diffie-Hellman parameters used to more securely exchange cryptographic keys. For more information, please see http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange

CREATE SELF-SIGNED CA
 

CREATE SIGNED SERVER CERTIFICATE
 

QUIT SSL-ADMIN
  This option quits the program and returns the user to the shell.

NOTES

This man page needs to be completed.

BUGS

Upon starting ssl-admin, the user is prompted to enter the new CN twice to generate a key.
 

FILES

/usr/local/etc/ssl-admin/ssl-admin.conf

SEE ALSO

ssl-admin.conf(5), openssl(1)

AUTHOR

Eric Crist <ecrist@secure-computing.net>

v1.2.1 $Id: ssl-admin.1 356 2014-06-25 02:59:57Z ecrist $

Search for    or go to Top of page |  Section 1 |  Main Index


SSL-ADMIN (1) -->

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.