eurephiadm-usercerts(7) [debian man page]

eurephiadm usercerts(7) 												   eurephiadm usercerts(7)

NAME

       eurephiadm-usercerts
	- Managing user accounts and certificate relations

DESCRIPTION

       For  a  user  to  connect  to a eurephia enabled OpenVPN server, a user account must have been created and activated and an SSL certificate
       available to the user must have been registered.  The user account and certificate the user may use must then be linked together, and  this
       linking the eurephiadm usercert command takes care of.

       It  is also this relation which gives you the option to control which network resources the VPN clients may access, by assigning a firewall
       profile to such user-certificate links.

       Available modes for the usercerts command are:

       -A | --add
	      Register a new certificate and user-cert link

       -D | --delete
	      Delete a certificate and user-cert link

       -S | --set-fwprofile
	      Sets the firewall access profile for a user-cert link

       -l | --list
	      List all registered user-cert links

       -h | --help <mode>
	      Help about a specific mode

       The list mode will list all registered links between user accounts and certificates.

LIST MODE

       The list mode will show all registered user-certificate links

       -S | --sort <sort keys>
	      Define the sorting of the list

	      Valid sort keys are:

	      uid
	       Nummeric User ID

	      certid
	       Nummeric Certificate ID

	      accessprofile
	       Nummeric firewall profile ID

	      registered
	       According to when the user-cert was registered

	      uicid
	       Nummeric user-cert link ID

SET FW PROFILE MODE

       The set-fwprofile mode will update the firewall access profile for a given user-cert link

       Options: (both required)

       -n | --uicid
	      Unique record id of certificate and user account link

       -a | --accessprofile
	      Firewall profile ID

ADD MODE

       The add mode will register a new link between a user account and a certificate.

       -c | --certid
	      Required - Certificate ID

       -i | --uid
	      Required - User account ID

       -a | --accessprofile
	      Firewall profile ID to use for this access

DELETE MODE

       The delete mode will delete a link between a user account and a certificate.

       -c | --certid
	      Certificate ID

       -i | --uid
	      User account ID

       -n | --uicid
	      Unique record id of certificate and user account link

       -a | --accessprofile
	      Firewall profile ID

SEE ALSO

       eurephiadm-users(7), eurephiadm-certs(7), eurephiadm-fwprofiles(7)

AUTHOR

       Copyright (C) 2008-2010	David Sommerseth <dazo@users.sourceforge.net>

David Sommerseth						     July 2010						   eurephiadm usercerts(7)

OPENSSL_X509_CHECKPURPOSE(3)						 1					      OPENSSL_X509_CHECKPURPOSE(3)

openssl_x509_checkpurpose - Verifies if a certificate can be used for a particular purpose

SYNOPSIS

       int openssl_x509_checkpurpose (mixed  $x509cert, int  $purpose, [array  $cainfo = array()], [string  $untrustedfile])

DESCRIPTION

       openssl_x509_checkpurpose(3) examines a certificate to see if it can be used for the specified $purpose.

PARAMETERS

	      o $x509cert
		- The examined certificate.

	      o $purpose
		-

	      openssl_x509_checkpurpose(3) purposes

	      +---------------------------+---------------------------------------------------+
	      | 	Constant	  |						      |
	      | 			  |						      |
	      | 			  |		       Description		      |
	      | 			  |						      |
	      +---------------------------+---------------------------------------------------+
	      | X509_PURPOSE_SSL_CLIENT   |						      |
	      | 			  |						      |
	      | 			  | Can  the  certificate be used for the client side |
	      | 			  | of an SSL connection?			      |
	      | 			  |						      |
	      | X509_PURPOSE_SSL_SERVER   |						      |
	      | 			  |						      |
	      | 			  | Can the certificate be used for the  server  side |
	      | 			  | of an SSL connection?			      |
	      | 			  |						      |
	      |X509_PURPOSE_NS_SSL_SERVER |						      |
	      | 			  |						      |
	      | 			  |   Can the cert be used for Netscape SSL server?   |
	      | 			  |						      |
	      | X509_PURPOSE_SMIME_SIGN   |						      |
	      | 			  |						      |
	      | 			  |    Can the cert be used to sign S/MIME email?     |
	      | 			  |						      |
	      |X509_PURPOSE_SMIME_ENCRYPT |						      |
	      | 			  |						      |
	      | 			  |   Can the cert be used to encrypt S/MIME email?   |
	      | 			  |						      |
	      |  X509_PURPOSE_CRL_SIGN	  |						      |
	      | 			  |						      |
	      | 			  | Can  the cert be used to sign a certificate revo- |
	      | 			  | cation list (CRL)?				      |
	      | 			  |						      |
	      |     X509_PURPOSE_ANY	  |						      |
	      | 			  |						      |
	      | 			  |    Can the cert be used for Any/All purposes?     |
	      | 			  |						      |
	      +---------------------------+---------------------------------------------------+
	       These options are not bitfields - you may specify one only!

	      o $cainfo
		-$cainfo should be an array of trusted CA files/dirs as described in Certificate Verification.

	      o $untrustedfile
		- If specified, this should be the name of a PEM encoded file holding certificates that can be used to help  verify  the  certifi-
		cate, although no trust is placed in the certificates that come from that file.

RETURN VALUES

	Returns TRUE if the certificate can be used for the intended purpose, FALSE if it cannot, or -1 on error.

PHP Documentation Group 											      OPENSSL_X509_CHECKPURPOSE(3)