eurephiadm certs(7) eurephiadm certs(7)NAME
eurephiadm-certs - Certificate management for eurephia
DESCRIPTION
Available modes for the certificate command are:
-A | --add
Register a new certificate
-D | --delete
Delete a registered certificate
-l | --list
List all registered certificates
-h | --help <mode>
Help about a specific mode
LIST MODE
The list mode will list all registered certificates. It accepts one parameter:
-S | --sort <sort key>
Decide the sort order of the certificate list
Available sort keys are:
certid
Numeric certificate ID
depth
Certificate depth
digest
Certificate SHA1 digest
cname
Certificate Common Name field
org
Certificate organisation field
email
Certificate e-mail address field
registered
When the certificate was registered in eurephia.
ADD MODE
The add mode will register a new certificate.
-d | --depth
Certificate depth, required.
-D | --digest
SHA1 fingerprint/digest of the new certificate
-C | --common-name
Common name (CN) field of the certificate
-O | --organisation
Organisation (O) field of the certificate
-E | --email
e-mail address (emailAddress) of the certificate
Usually the certificate depth value needs to be 0, if you are registering user account certificates. CA certificates usually have a value
bigger than 0.
If you have the certificate file available, you can use the following options to retrieve the needed information directly from a certifi-
cate file.
-f | --certfile
File name of the certificate file.
-p | --pkcs12
If the file is in PKCS#12 format.
The default format is PEM format, unless --pkcs12 is given. These two options cannot be used together with -D, -C, -O or -E. But the cer-
tificate depth must be given to indicate the certificate depth.
DELETE MODE
The delete mode will remove a certificate from the certificate database.
-i | --certid
Indicates a unique certificate ID
-d | --digest
A unique SHA1 fingerprint/digest value
-C | --common-name
Common Name (CN) field of a certificate
-O | --organisation
Organisation (O) field of a certificate
-E | --email
e-mail address (emailAddress) of a certificate
You can use any of these parameters to indicate a search criteria for the certificate (or certificates) you want to delete. You will be
provided with a list over certificates which matches your search criteria and you will need to approve the deletion of the matching cer-
tificate(s).
SEE ALSO eurephiadm-users(7), eurephiadm-usercerts(7)AUTHOR
Copyright (C) 2008-2010 David Sommerseth <dazo@users.sourceforge.net>
David Sommerseth July 2010 eurephiadm certs(7)
Check Out this Related Man Page
x509(3openssl) OpenSSL x509(3openssl)NAME
x509 - X.509 certificate handling
SYNOPSIS
#include <openssl/x509.h>
DESCRIPTION
A X.509 certificate is a structured grouping of information about an individual, a device, or anything one can imagine. A X.509 CRL (cer-
tificate revocation list) is a tool to help determine if a certificate is still valid. The exact definition of those can be found in the
X.509 document from ITU-T, or in RFC3280 from PKIX. In OpenSSL, the type X509 is used to express such a certificate, and the type X509_CRL
is used to express a CRL.
A related structure is a certificate request, defined in PKCS#10 from RSA Security, Inc, also reflected in RFC2896. In OpenSSL, the type
X509_REQ is used to express such a certificate request.
To handle some complex parts of a certificate, there are the types X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express a
certificate attributes), X509_EXTENSION (to express a certificate extension) and a few more.
Finally, there's the supertype X509_INFO, which can contain a CRL, a certificate and a corresponding private key.
X509_..., d2i_X509_... and i2d_X509_... handle X.509 certificates, with some exceptions, shown below.
X509_CRL_..., d2i_X509_CRL_... and i2d_X509_CRL_... handle X.509 CRLs.
X509_REQ_..., d2i_X509_REQ_... and i2d_X509_REQ_... handle PKCS#10 certificate requests.
X509_NAME_... handle certificate names.
X509_ATTRIBUTE_... handle certificate attributes.
X509_EXTENSION_... handle certificate extensions.
SEE ALSO X509_NAME_ENTRY_get_object(3), X509_NAME_add_entry_by_txt(3), X509_NAME_add_entry_by_NID(3), X509_NAME_print_ex(3), X509_NAME_new(3),
d2i_X509(3), d2i_X509_ALGOR(3), d2i_X509_CRL(3), d2i_X509_NAME(3), d2i_X509_REQ(3), d2i_X509_SIG(3), crypto(3), x509v3(3)OpenSSL-0.9.8 Oct 11 2005 x509(3openssl)