certtool


certtool { v | d | D } filename [h] [v] [d]
certtool y [h] [v] [k=keychain [c [p=password]]]
certtool c [h] [v] [a] [k=keychain [c [p=password]]]
certtool { r | I } filename [h] [v] [d] [a] [k=keychain [c [p=password]]]
certtool i filename [h] [v] [d] [a] [k=keychain [c [p=password]]] [r=filename [f={ 1 | 8 | f }]]

Description

Manages X.509 SSL/TLS certificates. It uses the Common Data Security Architecture (CDSA) in much the same way that /System/Library/OpenSSL/misc/CA.pl uses OpenSSL to ease the process of managing certificates.

As arguments, it takes a single-letter command, often followed by a filename, and possibly some options.

Options/Usage


a

When adding an item to a keychain, this option creates a key pair and includes a private key with a more restrictive ACL than usual. (The default behavior creates a private key with no additional access restrictions, while specifying this option adds a confirmation requirement to access the private key which only certtool is allowed to bypass.)


c

As a command, walks you through a series of interactive prompts to create a certificate and a public/private key pair to sign and possibly encrypt it. The resulting certificate (in DER format) is stored in your default keychain. (Note that the first prompt, for a key and certificate label, is asking for two space-separated items. Common choices are an organization name for the key, and a label designating the purpose of the certificate.)

As an option, instructs certtool to create a new keychain by the name given in the k option.


d

As a command, displays the certificate contained in filename.

As an option, indicates that the format of the CSR or CRL contained in filename is DER (a binary format), instead of the default PEM (an ASCII format, which is essentially a DER certificate with Base64 encoding).


D

Displays the certificate revocation list (CRL) contained in filename.


f

Specifies the format of the private key in the file specified with the r option. A single character specifies the format: 1 (for OpenSSL's PKCS1, the default), 8 (PKCS8), or f (FIPS186, or BSAFE).


h

Prints a usage statement to standard output, negating whichever command was given.


i

Imports the certificate contained in filename into the default keychain.


I

Imports the CRL contained in filename into the default keychain.


k

Specifies the name of a keychain (in ~/Library/Keychains) to use other than the default.


p

Specifies the keychain password on the command line. To avoid password exposure, it's better to let certtool prompt for it.


r

As a command, walks you through a series of interactive prompts to create a certificate-signing request (CSR) and a public/private key pair to sign and possibly encrypt it. The resulting CSR is stored in filename.

As an option, specifies the file containing a private key for the certificate being imported. This is useful if you've used OpenSSL to generate a certificate, instead of certtool.


v

As a command, verifies the CSR contained in filename.

As an option, should enable verbose output, but it doesn't actually seem to make a difference.


y

As a command, displays the certificates and CRLs in the specified keychain.
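
The r, f, and p options combine when importing a certificate whose key was generated with OpenSSL. The script below is an added example, not from the book or from certtool itself: it picks the f= value from the key file's PEM header and never passes p=, so certtool prompts for the keychain password. It assumes the key file is PEM-encoded; key_format, import_cert, DRY_RUN, and the file and keychain names are hypothetical.

```sh
#!/bin/sh
# Added example: pick certtool's f= value from an OpenSSL PEM key header.
# Assumes PEM-encoded key files; nothing here parses or validates the key itself.

# key_format FILE: print 1 for PKCS1, 8 for PKCS8; fail on anything else.
key_format() {
    # First PEM header line, tolerating CRLF line endings.
    header=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN /{p;q;}')
    case "$header" in
        '-----BEGIN RSA PRIVATE KEY-----') echo 1 ;;  # OpenSSL traditional RSA = PKCS1
        '-----BEGIN PRIVATE KEY-----')     echo 8 ;;  # unencrypted PKCS8
        *) return 1 ;;  # encrypted PKCS8, EC keys, certificates, DER: do not guess
    esac
}

# import_cert CERT KEY [KEYCHAIN]: run "certtool i" with matching r= and f=.
# p= is never passed, so certtool prompts for the keychain password instead of
# leaving it in shell history and the process list.
# With DRY_RUN set, the command is printed instead of executed.
import_cert() {
    cert=$1; key=$2; keychain=${3:-}
    if ! fmt=$(key_format "$key"); then
        echo "import_cert: unrecognized private key format in $key" >&2
        return 1
    fi
    set -- i "$cert" "r=$key" "f=$fmt"
    if [ -n "$keychain" ]; then set -- "$@" "k=$keychain"; fi
    if [ -n "${DRY_RUN:-}" ]; then
        echo "certtool $*"
    else
        certtool "$@"
    fi
}

# Constructed sample: a PKCS8-style PEM file with placeholder contents.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$dir/server.key"
    (DRY_RUN=1; import_cert "$dir/server.pem" "$dir/server.key" test.keychain)
    rm -rf "$dir"
}
demo
```

Unset DRY_RUN to run certtool for real; a key whose header is not recognized is rejected rather than imported with a guessed f= value.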

Location

/usr/bin



Mac OS X Panther for Unix Geeks
ISBN: 0596006071
Year: 2003
Pages: 212