ssl-admin - OpenSSL Certificate Manager
ssl-admin is a menu-driven tool designed to simplify the
management and distribution of SSL certificates. ssl-admin was originally
written to manage SSL certificates for use with OpenVPN. This functionality
has not been removed.
There are a number of core operations within ssl-admin,
often mutually exclusive of one another. For example, you cannot
generate a new CA certificate and generate a client certificate all at
once.
- --new-ca
- This command will generate a new root certificate and key pair and store
the new files in work-dir. If you add the optional --clean
argument, you will wipe out the existing certificate store.
- --int-ca
- This command will generate an intermediate CA certificate which can be used
for signing sub keys, etc.
- --client-cert, --ccert
- This will generate a client signing request, certificate, and key.
- --server-cert, --scert
- This will generate a client signing request, certificate, and key, with
server extensions enabled.
- --dh, --diffie-hellman
- Generates the Diffie-Hellman prime.
- --revoke
- Used to revoke a certificate in the store.
- --crl-list
- This outputs a list of revoked certificates.
There are a number of directories within /usr/local/etc/ssl-admin/
which contain the working and data files.
- ACTIVE (/usr/local/etc/ssl-admin/active)
- The active directory contains certificates that have not been revoked. The
only keys that are REQUIRED to be present are ca.crt and ca.key.
- CSR (/usr/local/etc/ssl-admin/csr)
- The csr directory contains certificate signing requests and keys for those
keys which have been created using ssl-admin. If you need to sign a
certificate signing request generated elsewhere, place the .csr here. The
key files are not required to be present.
- PACKAGES (/usr/local/etc/ssl-admin/packages)
- The packages directory contains any zipped packages you've built with
ssl-admin. Packages are generally used to distribute signed certificates
to end users.
- PROG (/usr/local/etc/ssl-admin/prog)
- The prog directory contains all the data files used by ssl-admin. DO
NOT EDIT OR MODIFY THE FILES IN THIS DIRECTORY unless you know exactly
what you are doing. If you are running OpenVPN, you may point your OpenVPN
crl-verify config option to /usr/local/etc/ssl-admin/prog/crl.pem.
- REVOKED (/usr/local/etc/ssl-admin/revoked)
- The revoked directory contains certificates and keys for those
certificates that have been revoked within ssl-admin.
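An added example, not part of ssl-admin or of this man page: a POSIX sh function that audits the store layout described above. It checks that active/ca.crt, active/ca.key and prog/crl.pem are present and that no private key under active, csr or revoked is accessible to group or other. The name audit_store, the finding labels, the permission policy and the assumption that every private key ends in .key (as ca.key does) belong to this example.

```shell
#!/bin/sh
# Added example: audit an ssl-admin certificate store.
# audit_store [BASE] prints one finding per line and returns 1 if any
# finding was reported, 0 if the store passes. BASE defaults to the
# directory named in the man page.
audit_store() {
    base=${1:-/usr/local/etc/ssl-admin}
    findings=0

    # Hypothetical helper: print a finding and count it.
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # active/ is required to hold the CA certificate and its key.
    for f in ca.crt ca.key; do
        [ -s "$base/active/$f" ] || report "MISSING $base/active/$f"
    done

    # The CRL that OpenVPN's crl-verify option can point at must exist
    # and be non-empty.
    [ -s "$base/prog/crl.pem" ] || report "MISSING $base/prog/crl.pem"

    # Keys are kept in active/, csr/ and revoked/. Flag any *.key file
    # (suffix assumed from ca.key) with a group or other permission bit.
    loose=$(find "$base/active" "$base/csr" "$base/revoked" \
        -type f -name '*.key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) \
        2>/dev/null) || true

    while IFS= read -r k; do
        if [ -n "$k" ]; then report "LOOSE_PERMS $k"; fi
    done <<EOF
$loose
EOF

    [ "$findings" -eq 0 ]
}
```

Source the file and run audit_store with no argument to check /usr/local/etc/ssl-admin, or pass another base directory.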
This man page needs to be completed.
/usr/local/etc/ssl-admin/ssl-admin.conf
ssl-admin.conf(5), openssl(1)
Eric Crist <ecrist@secure-computing.net>
v~~~VERSION~~~ $Id: ssl-admin.1 356 2014-06-25 02:59:57Z ecrist $