x509 1.1 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758
  1. .TH X509 8
  2. .SH NAME
  3. X509gen \- create a self-signed X.509 certificate
  4. .SH SYNOPSIS
  5. .B aux/X509gen
  6. [
  7. .B -e
  8. .I s
  9. ]
  10. [
  11. .B -p
  12. ]
  13. .I key.secret
  14. .I subj
  15. .SH DESCRIPTION
  16. .I X509gen
  17. writes a self-signed X.509 certificate to standard output,
  18. given an RSA public/private key pair
  19. .I key.secret
  20. and an issuer/subject string
  21. .IR subj ,
  22. also known as a "Distinguished Name" and conventionally of the form:
  23. .EX
  24. C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=G.R.Emlin
  25. .EE
  26. Of course, to pass
  27. .I subj
  28. to
  29. .I x509gen
  30. using
  31. .IR rc (1)
  32. the string would be quoted as in:
  33. .EX
  34. 'C=US ST=NJ L=07922 O=Lucent OU=''Bell Labs'' CN=G.R.Emlin'
  35. .EE
  36. The key pair can be generated by
  37. .I aux/ssh_genkey
  38. (see
  39. .IR ssh (1)).
  40. .PP
  41. Command-line options are:
  42. .TP
  43. .B -e
  44. number of seconds for which certificate should be valid,
  45. by default 3 years.
  46. .TP
  47. .B -p
  48. write certificate in PEM format (instead of the default DER format)
  49. .SH SOURCE
  50. .B /sys/src/cmd/aux/X509gen.c
  51. .SH "SEE ALSO"
  52. .br
  53. .IR ssh (1),
  54. .IR rsa (2)
  55. .SH BUGS
  56. Web browsers and email clients in other operating systems
  57. expect certificates to be issued by a well known
  58. root certificate authority.