| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 |
- .TH X509 8
- .SH NAME
- X509gen \- create a self-signed X.509 certificate
- .SH SYNOPSIS
- .B aux/X509gen
- [
- .B -e
- .I s
- ]
- [
- .B -p
- ]
- .I key.secret
- .I subj
- .SH DESCRIPTION
- .I X509gen
- writes a self-signed X.509 certificate to standard output,
- given an RSA public/private key pair
- .I key.secret
- and an issuer/subject string
- .IR subj ,
- also known as a "Distinguished Name" and conventionally of the form:
- .EX
- C=US ST=NJ L=07922 O=Lucent OU='Bell Labs' CN=G.R.Emlin
- .EE
- Of course, to pass
- .I subj
- to
- .I x509gen
- using
- .IR rc (1)
- the string would be quoted as in:
- .EX
- 'C=US ST=NJ L=07922 O=Lucent OU=''Bell Labs'' CN=G.R.Emlin'
- .EE
- The key pair can be generated by
- .I aux/ssh_genkey
- (see
- .IR ssh (1)).
- .PP
- Command-line options are:
- .TP
- .B -e
- number of seconds for which certificate should be valid,
- by default 3 years.
- .TP
- .B -p
- write certificate in PEM format (instead of the default DER format)
- .SH SOURCE
- .B /sys/src/cmd/aux/X509gen.c
- .SH "SEE ALSO"
- .br
- .IR ssh (1),
- .IR rsa (2)
- .SH BUGS
- Web browsers and email clients in other operating systems
- expect certificates to be issued by a well known
- root certificate authority.
|
