ssh-certenroll2(1)

NAME

       ssh-certenroll2, ssh-certenroll - Certificate enrollment client

SYNOPSIS

       ssh-certenroll2 [-V] [-S SOCKS-server] [-P proxy-url] [-g]
       [-t rsa | dsa] [-l key-size] [-o base-name]
       [-p cmp-refnum:cmp-key] [-e] -a ca-access-url -s subject-name
       cacert-file [-private-key] [-u number]

OPTIONS

       -V     Prints the version string and exits.

       -S SOCKS-server
              Specifies the SOCKS server URL to be used when
              connecting to the certification authority.

       -P proxy-url
              Specifies the HTTP proxy server URL to be used when
              connecting to the certification authority.

       -g     Generates a new private key.

       -t rsa | dsa
              Specifies the type of key to be generated. Valid
              types are rsa or dsa. The default is rsa.

       -l key-size
              Specifies the size of the key to be generated (in
              bits) with -g. The default is 1024.

       -o base-name
              Specifies the base prefix of the generated files.
              The private key, if generated, will be <base>.prv
              and the certificate will be <base>-num.crt.

       -p cmp-refnum:cmp-key
              Specifies the CMP enrollment reference number and
              key (the preshared secret).

       -e     Enables the extensions in the subject name. If, for
              example, ip, dns, or email extensions are used, the
              -e option must be present.

       -a ca-access-url
              Specifies the full URL to the certification
              authority.

       -s subject-name
              Specifies the subject name for the certificate. For
              example, c=ca,o=acme,ou=development,cn=Rami Romi
              would specify the common user name "Rami Romi" in
              the organizational unit "development" in the
              organization "acme" in Canada ("ca"). If extensions
              such as e-mail are needed, the subject name could
              look like this:

              c=ca,o=acme,ou=development,cn=Rami Romi;email=[email protected]

              In this case, the -e option is required to enable
              subject name extensions. Some possible extensions
              include ip, dns, and email.

       -u number
              Optionally gives the key usage bits.

DESCRIPTION

       The ssh-certenroll2 command allows users to enroll
       certificates. It will connect to a certification authority
       (CA) and use the CMPv2 protocol for enrolling a certificate.
       The user can supply an existing private key when creating
       the certification request or allow a new key to be
       generated.

LEGAL NOTICES

       SSH is a registered trademark of SSH Communication Security
       Ltd.

EXAMPLES

       Enroll a certificate and generate a DSA private key:

              ssh-certenroll2 -g -t dsa -o mykey -p 12345:abcd
              -S socks://fw.myfirm.com:1080
              -a http://www.ca-auth.domain:8080/pkix/
              -s "c=fi,o=acme,cn=Rami Romi" cacertificate.crt

       This will generate a private key called mykey.prv and a
       certificate called mykey-0.crt.

       Enroll a certificate using a supplied private key and
       provide an e-mail extension:

              ssh-certenroll2 -o mykey -p 12345:ab
              -a http://www.ca-auth.domain:8080/pkix/
              -s "c=ca,o=acme,cn=Rami Romi;email=[email protected]"
              ca-certificate.crt my_private_key.prv

       This will generate and enroll a certificate called
       mykey-0.crt.
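
       The subject-name rule from OPTIONS (extensions after ';' require
       -e) written as a pre-flight check that builds the command line
       for the first example above. This is an added example, not part
       of the original man page or of the SSH product; the function
       names, the 2048-bit floor (MIN_BITS) and the sample e-mail
       address are assumptions, and the script only prints the command.

```shell
#!/bin/sh
# Added example: builds and prints an ssh-certenroll2 command line; never runs the tool.
# MIN_BITS is this example's own policy floor, not a limit enforced by the tool.
MIN_BITS=${MIN_BITS:-2048}

# valid_dn SUBJECT: every comma-separated part before any ';' must look like key=value.
valid_dn() {
    dn=${1%%\;*}
    [ -n "$dn" ] || return 1
    old_ifs=$IFS; IFS=,; set -f
    rc=0
    for part in $dn; do
        case "$part" in ?*=?*) ;; *) rc=1 ;; esac
    done
    IFS=$old_ifs; set +f
    return $rc
}

# needs_e SUBJECT: succeeds when an ip, dns or email extension follows a ';'.
needs_e() {
    case "$1" in *\;ip=*|*\;dns=*|*\;email=*) return 0 ;; *) return 1 ;; esac
}

# build_enroll_cmd KEYTYPE KEYSIZE BASENAME CA_URL SUBJECT CACERT
# -p (CMP reference number and key) is left for the operator to add.
build_enroll_cmd() {
    case "$1" in rsa|dsa) ;; *) echo "key type must be rsa or dsa" >&2; return 1 ;; esac
    case "$2" in ''|*[!0-9]*) echo "key size must be a number" >&2; return 1 ;; esac
    if [ "$2" -lt "$MIN_BITS" ]; then
        echo "key size $2 is below the $MIN_BITS-bit floor" >&2; return 1
    fi
    valid_dn "$5" || { echo "subject name is not key=value,..." >&2; return 1; }
    ext=""
    if needs_e "$5"; then ext=" -e"; fi
    printf 'ssh-certenroll2 -g -t %s -l %s -o %s%s -a %s -s "%s" %s\n' \
        "$1" "$2" "$3" "$ext" "$4" "$5" "$6"
}

# Constructed sample input, modelled on the EXAMPLES section.
build_enroll_cmd rsa 2048 mykey http://www.ca-auth.domain:8080/pkix/ \
    "c=ca,o=acme,ou=development,cn=Rami Romi;email=user@example.com" ca-certificate.crt
```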

ENVIRONMENT VARIABLES

       Specifies the SOCKS server (if any) to use when connecting
       to the certification authority. See ssh2 for the format of
       this variable.

FILES

       Used for the "SocksServer" option only.

       Used for the "SocksServer" option only.

SEE ALSO

       Guides: Security Administration


