pki: Add acert and extend pki/print manpages
parent
35a783cff7
commit
6e8c665a51
|
@ -1619,6 +1619,7 @@ AC_CONFIG_FILES([
|
|||
src/pki/man/pki---req.1
|
||||
src/pki/man/pki---self.1
|
||||
src/pki/man/pki---signcrl.1
|
||||
src/pki/man/pki---acert.1
|
||||
src/pki/man/pki---verify.1
|
||||
])
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@ man1_MANS = \
|
|||
pki---self.1 \
|
||||
pki---issue.1 \
|
||||
pki---signcrl.1 \
|
||||
pki---acert.1 \
|
||||
pki---req.1 \
|
||||
pki---pkcs7.1 \
|
||||
pki---keyid.1 \
|
||||
|
|
|
@ -0,0 +1,107 @@
|
|||
.TH "PKI \-\-ACERT" 1 "2014-02-05" "@PACKAGE_VERSION@" "strongSwan"
|
||||
.
|
||||
.SH "NAME"
|
||||
.
|
||||
pki \-\-acert \- Issue an attribute certificate
|
||||
.
|
||||
.SH "SYNOPSIS"
|
||||
.
|
||||
.SY pki\ \-\-acert
|
||||
.OP \-\-in file
|
||||
.OP \-\-group membership
|
||||
.BI \-\-issuerkey\~ file |\-\-issuerkeyid\~ hex
|
||||
.BI \-\-issuercert\~ file
|
||||
.OP \-\-lifetime hours
|
||||
.OP \-\-serial hex
|
||||
.OP \-\-digest digest
|
||||
.OP \-\-outform encoding
|
||||
.OP \-\-debug level
|
||||
.YS
|
||||
.
|
||||
.SY pki\ \-\-acert
|
||||
.BI \-\-options\~ file
|
||||
.YS
|
||||
.
|
||||
.SY "pki \-\-acert"
|
||||
.B \-h
|
||||
|
|
||||
.B \-\-help
|
||||
.YS
|
||||
.
|
||||
.SH "DESCRIPTION"
|
||||
.
|
||||
This sub-command of
|
||||
.BR pki (1)
|
||||
is used to issue an attribute certificate using an issuer certificate with its
|
||||
private key and the holder certificate.
|
||||
.
|
||||
.SH "OPTIONS"
|
||||
.
|
||||
.TP
|
||||
.B "\-h, \-\-help"
|
||||
Print usage information with a summary of the available options.
|
||||
.TP
|
||||
.BI "\-v, \-\-debug " level
|
||||
Set debug level, default: 1.
|
||||
.TP
|
||||
.BI "\-+, \-\-options " file
|
||||
Read command line options from \fIfile\fR.
|
||||
.TP
|
||||
.BI "\-i, \-\-in " file
|
||||
Holder certificate to issue an attribute certificate for. If not given the
|
||||
certificate is read from \fISTDIN\fR.
|
||||
.TP
|
||||
.BI "\-m, \-\-group " membership
|
||||
Group membership the attribute certificate shall certify. The specified group
|
||||
is included as a string. To include multiple groups, the option can be repeated.
|
||||
.TP
|
||||
.BI "\-k, \-\-issuerkey " file
|
||||
Issuer private key file. Either this or
|
||||
.B \-\-issuerkeyid
|
||||
is required.
|
||||
.TP
|
||||
.BI "\-x, \-\-issuerkeyid " hex
|
||||
Key ID of a issuer private key on a smartcard. Either this or
|
||||
.B \-\-issuerkey
|
||||
is required.
|
||||
.TP
|
||||
.BI "\-c, \-\-issuercert " file
|
||||
Issuer certificate file. Required.
|
||||
.TP
|
||||
.BI "\-l, \-\-lifetime " hours
|
||||
Hours the attribute certificate is valid, default: 24.
|
||||
.TP
|
||||
.BI "\-s, \-\-serial " hex
|
||||
Serial number in hex. It is randomly allocated by default.
|
||||
.TP
|
||||
.BI "\-g, \-\-digest " digest
|
||||
Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
|
||||
\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
|
||||
\fIsha1\fR.
|
||||
.TP
|
||||
.BI "\-f, \-\-outform " encoding
|
||||
Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
|
||||
\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
|
||||
.
|
||||
.SH "EXAMPLES"
|
||||
.
|
||||
To save repetitive typing, command line options can be stored in files.
|
||||
Lets assume
|
||||
.I acert.opt
|
||||
contains the following contents:
|
||||
.PP
|
||||
.EX
|
||||
--issuercert aacert.der --issuerkey aakey.der --digest sha256 --lifetime 4
|
||||
.EE
|
||||
.PP
|
||||
Then the following command can be used to issue an attribute certificate based
|
||||
on a holder certificate and the options above:
|
||||
.PP
|
||||
.EX
|
||||
pki --acert --options acert.opt --in holder.der --group sales --group finance -f pem
|
||||
.EE
|
||||
.PP
|
||||
.
|
||||
.SH "SEE ALSO"
|
||||
.
|
||||
.BR pki (1)
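Review bot: The `\-\-digest` entry in OPTIONS documents `sha1` as the default and lists `md5` as an accepted value without saying that both are weak against collision attacks, so a reader who follows the option text alone will sign attribute certificates with a weak digest. I would add a sentence after `Defaults to \fIsha1\fR.`, for example `Prefer \fIsha256\fR or stronger; \fImd5\fR and \fIsha1\fR are weak against collision attacks.`; the EXAMPLES section already passes `--digest sha256`, so this brings the option text in line with it. The default itself is set in code that this page does not show, so whether to change it is a separate question. Two wording nits in the same file: `Key ID of a issuer private key` should read `an issuer`, and `Lets assume` should read `Let's assume`.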
|
|
@ -46,8 +46,9 @@ Input file. If not given the input is read from \fISTDIN\fR.
|
|||
.BI "\-t, \-\-type " type
|
||||
Type of input. One of \fIrsa-priv\fR (RSA private key), \fIecdsa-priv\fR (ECDSA
|
||||
private key), \fIpub\fR (public key), \fIx509\fR (X.509 certificate), \fIcrl\fR
|
||||
(Certificate Revocation List, CRL), defaults to \fIx509\fR.
|
||||
(Certificate Revocation List, CRL), \fIac\fR (Attribute Certificate),
|
||||
defaults to \fIx509\fR.
|
||||
.
|
||||
.SH "SEE ALSO"
|
||||
.
|
||||
.BR pki (1)
|
||||
.BR pki (1)
|
||||
|
|
|
@ -49,6 +49,9 @@ Issue a certificate using a CA certificate and key.
|
|||
.B "\-c, \-\-signcrl"
|
||||
Issue a CRL using a CA certificate and key.
|
||||
.TP
|
||||
.B "\-z, \-\-acert"
|
||||
Issue an attribute certificate.
|
||||
.TP
|
||||
.B "\-r, \-\-req"
|
||||
Create a PKCS#10 certificate request.
|
||||
.TP
|
||||
|
@ -148,6 +151,7 @@ certificates with the \-\-crl option.
|
|||
.BR pki\ \-\-self (1),
|
||||
.BR pki\ \-\-issue (1),
|
||||
.BR pki\ \-\-signcrl (1),
|
||||
.BR pki\ \-\-acert (1),
|
||||
.BR pki\ \-\-req (1),
|
||||
.BR pki\ \-\-pkcs7 (1),
|
||||
.BR pki\ \-\-keyid (1),
|
||||
|
|