Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

eurephiadm-certs(7) [debian man page]

eurephiadm certs(7)													       eurephiadm certs(7)

NAME

       eurephiadm-certs - Certificate management for eurephia

DESCRIPTION

       Available modes for the certificate command are:

       -A | --add
	      Register a new certificate

       -D | --delete
	      Delete a registered certificate

       -l | --list
	      List all registered certificates

       -h | --help <mode>
	      Help about a specific mode

LIST MODE

       The list mode will list all registered certificates.  It accepts one parameter:

       -S | --sort <sort key>
	      Decide the sort order of the certificate list

       Available sort keys are:

	      certid
	       Numeric certificate ID

	      depth
	       Certificate depth

	      digest
	       Certificate SHA1 digest

	      cname
	       Certificate Common Name field

	      org
	       Certificate organisation field

	      email
	       Certificate e-mail address field

	      registered
	       When the certificate was registered in eurephia.

ADD MODE

       The add mode will register a new certificate.

       -d | --depth
	      Certificate depth, required.

       -D | --digest
	      SHA1 fingerprint/digest of the new certificate

       -C | --common-name
	      Common name (CN) field of the certificate

       -O | --organisation
	      Organisation (O) field of the certificate

       -E | --email
	      e-mail address (emailAddress) of the certificate

       Usually	the  certificate depth value needs to be 0, if you are registering user account certificates. CA certificates usually have a value
       bigger than 0.

       If you have the certificate file available, you can use the following options to retrieve the needed information directly from  a  certifi-
       cate file.

       -f | --certfile
	      File name of the certificate file.

       -p | --pkcs12
	      If the file is in PKCS#12 format.

       The default format is PEM format, unless --pkcs12 is given.  These two options cannot be used together with -D, -C, -O or -E.  But the cer-
       tificate depth must be given to indicate the certificate depth.

DELETE MODE

       The delete mode will remove a certificate from the certificate database.

       -i | --certid
	      Indicates a unique certificate ID

       -d | --digest
	      A unique SHA1 fingerprint/digest value

       -C | --common-name
	      Common Name (CN) field of a certificate

       -O | --organisation
	      Organisation (O) field of a certificate

       -E | --email
	      e-mail address (emailAddress) of a certificate

       You can use any of these parameters to indicate a search criteria for the certificate (or certificates) you want to delete.   You  will	be
       provided  with  a  list over certificates which matches your search criteria and you will need to approve the deletion of the matching cer-
       tificate(s).

SEE ALSO

       eurephiadm-users(7), eurephiadm-usercerts(7)

AUTHOR

       Copyright (C) 2008-2010	David Sommerseth <dazo@users.sourceforge.net>

David Sommerseth						     July 2010						       eurephiadm certs(7)

Check Out this Related Man Page

x509(3openssl)							      OpenSSL							    x509(3openssl)

NAME

       x509 - X.509 certificate handling

SYNOPSIS

	#include <openssl/x509.h>

DESCRIPTION

       A X.509 certificate is a structured grouping of information about an individual, a device, or anything one can imagine.	A X.509 CRL (cer-
       tificate revocation list) is a tool to help determine if a certificate is still valid.  The exact definition of those can be found in the
       X.509 document from ITU-T, or in RFC3280 from PKIX.  In OpenSSL, the type X509 is used to express such a certificate, and the type X509_CRL
       is used to express a CRL.

       A related structure is a certificate request, defined in PKCS#10 from RSA Security, Inc, also reflected in RFC2896.  In OpenSSL, the type
       X509_REQ is used to express such a certificate request.

       To handle some complex parts of a certificate, there are the types X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express a
       certificate attributes), X509_EXTENSION (to express a certificate extension) and a few more.

       Finally, there's the supertype X509_INFO, which can contain a CRL, a certificate and a corresponding private key.

       X509_..., d2i_X509_... and i2d_X509_... handle X.509 certificates, with some exceptions, shown below.

       X509_CRL_..., d2i_X509_CRL_... and i2d_X509_CRL_...  handle X.509 CRLs.

       X509_REQ_..., d2i_X509_REQ_... and i2d_X509_REQ_...  handle PKCS#10 certificate requests.

       X509_NAME_... handle certificate names.

       X509_ATTRIBUTE_... handle certificate attributes.

       X509_EXTENSION_... handle certificate extensions.

SEE ALSO

       X509_NAME_ENTRY_get_object(3), X509_NAME_add_entry_by_txt(3), X509_NAME_add_entry_by_NID(3), X509_NAME_print_ex(3), X509_NAME_new(3),
       d2i_X509(3), d2i_X509_ALGOR(3), d2i_X509_CRL(3), d2i_X509_NAME(3), d2i_X509_REQ(3), d2i_X509_SIG(3), crypto(3), x509v3(3)

OpenSSL-0.9.8							    Oct 11 2005 						    x509(3openssl)
Man Page