ipsec pki is maintained as an alias.
man/ipsec.secrets.5
man/strongswan.conf.5
src/charon-cmd/charon-cmd.8
- src/pki/man/ipsec-pki.8
- src/pki/man/pki---gen.8
- src/pki/man/pki---issue.8
- src/pki/man/pki---keyid.8
- src/pki/man/pki---pkcs7.8
- src/pki/man/pki---print.8
- src/pki/man/pki---pub.8
- src/pki/man/pki---req.8
- src/pki/man/pki---self.8
- src/pki/man/pki---signcrl.8
- src/pki/man/pki---verify.8
+ src/pki/man/pki.1
+ src/pki/man/pki---gen.1
+ src/pki/man/pki---issue.1
+ src/pki/man/pki---keyid.1
+ src/pki/man/pki---pkcs7.1
+ src/pki/man/pki---print.1
+ src/pki/man/pki---pub.1
+ src/pki/man/pki---req.1
+ src/pki/man/pki---self.1
+ src/pki/man/pki---signcrl.1
+ src/pki/man/pki---verify.1
])
AC_OUTPUT
-e "s:@IPSEC_DISTRO@::" \
-e "s:@IPSEC_DIR@:$(strongswan_DIR):" \
-e "s:@IPSEC_SCRIPT@:ipsec:" \
+ -e "s:@IPSEC_BINDIR@:$(strongswan_DIR):" \
-e "s:@IPSEC_SBINDIR@:$(strongswan_SBINDIR):" \
-e "s:@IPSEC_CONFDIR@:$(strongswan_CONFDIR):" \
-e "s:@IPSEC_PIDDIR@:$(strongswan_PIDDIR):" \
-e "s:@IPSEC_DISTRO@::" \
-e "s:@IPSEC_DIR@:$(ipsecdir):" \
-e "s:@IPSEC_SCRIPT@:$(ipsec_script):" \
+ -e "s:@IPSEC_BINDIR@:$(bindir):" \
-e "s:@IPSEC_SBINDIR@:$(sbindir):" \
-e "s:@IPSEC_CONFDIR@:$(sysconfdir):" \
-e "s:@IPSEC_PIDDIR@:$(piddir):" \
# for more details.
# define a minimum PATH environment in case it is not set
-PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@"
+PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@"
export PATH
# set daemon name
# where the private directory and the config files are
IPSEC_DIR="@IPSEC_DIR@"
+IPSEC_BINDIR="@IPSEC_BINDIR@"
IPSEC_SBINDIR="@IPSEC_SBINDIR@"
IPSEC_CONFDIR="@IPSEC_CONFDIR@"
IPSEC_PIDDIR="@IPSEC_PIDDIR@"
IPSEC_STROKE="${IPSEC_DIR}/stroke"
IPSEC_STARTER="${IPSEC_DIR}/starter"
-export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
+export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
exit 7
fi
;;
+pki)
+ shift
+ exec $IPSEC_BINDIR/pki "$@"
+ ;;
version|--version)
printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
printf "$IPSEC_DISTRO\n"
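Review bot: In the new `pki)` arm, `$IPSEC_BINDIR` is expanded unquoted, so a configured bindir containing whitespace or glob characters is word-split before `exec`, and the wrapper would then fail or run a different path than intended. Quote the path and keep the argument forwarding as it is: `exec "$IPSEC_BINDIR/pki" "$@"`. This matters more than usual if the script is run with elevated privileges, which is likely for a daemon control wrapper. The enclosing `case` statement starts and ends outside this hunk, so whether the other arms quote their paths cannot be checked from here.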
SUBDIRS = man
-ipsec_PROGRAMS = pki
+bin_PROGRAMS = pki
pki_SOURCES = pki.c pki.h command.c command.h \
commands/gen.c \
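Review bot: Changing `ipsec_PROGRAMS` to `bin_PROGRAMS` installs the tool under the generic name `pki` in `$(bindir)`, where it may collide with an unrelated `pki` executable from another package. Which one a bare `pki` resolves to then depends on PATH order, which is undesirable for a tool that reads CA private keys. The `ipsec pki` alias is not affected as long as `@IPSEC_BINDIR@` is an absolute path, but it hard-codes the file name, so a packager who renames the binary (for example with configure's `--program-transform-name`) would break the alias. A comment above the line, such as `# installed as $(bindir)/pki; the ipsec script execs this exact name`, would record that coupling.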
-man8_MANS = \
- ipsec-pki.8 \
- pki---gen.8 \
- pki---self.8 \
- pki---issue.8 \
- pki---signcrl.8 \
- pki---req.8 \
- pki---pkcs7.8 \
- pki---keyid.8 \
- pki---print.8 \
- pki---pub.8 \
- pki---verify.8
+man1_MANS = \
+ pki.1 \
+ pki---gen.1 \
+ pki---self.1 \
+ pki---issue.1 \
+ pki---signcrl.1 \
+ pki---req.1 \
+ pki---pkcs7.1 \
+ pki---keyid.1 \
+ pki---print.1 \
+ pki---pub.1 \
+ pki---verify.1
-CLEANFILES = $(man8_MANS)
+CLEANFILES = $(man1_MANS)
-.TH "PKI \-\-GEN" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-GEN" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
is used to generate a new RSA or ECDSA private key.
.
.SH "OPTIONS"
.SH "EXAMPLES"
.
.TP
-.B ipsec pki \-\-gen \-\-size 3072 > rsa_key.der
+.B pki \-\-gen \-\-size 3072 > rsa_key.der
Generates a 3072-bit RSA private key.
.
.TP
-.B ipsec pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
+.B pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der
Generates a 256-bit ECDSA private key.
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
is used to issue a certificate using a CA certificate and private key.
.
.SH "OPTIONS"
given PKCS#10 certificate request and the options above:
.PP
.EX
- ipsec pki --issue --options pki.opt --in req.der > cert.der
+ pki --issue --options pki.opt --in req.der > cert.der
.EE
.PP
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-KEYID" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-KEYID" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
calculates key identifiers of private keys and certificates.
.
.SH "OPTIONS"
Calculate key identifiers of an RSA private key:
.PP
.EX
- ipsec pki --keyid --in key.der
+ pki --keyid --in key.der
subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
.EE
Calculate key identifiers of an X.509 certificate:
.PP
.EX
- ipsec pki --keyid --in cert.der --type x509
+ pki --keyid --in cert.der --type x509
subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1...
subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1...
.EE
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-PKCS7" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-PKCS7" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
provides functions to wrap/unwrap PKCS#7 containers.
.
.SH "OPTIONS"
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-PRINT" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-PRINT" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
prints credentials (keys, certificates etc.) in human readable form.
.
.SH "OPTIONS"
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-PUB" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-PUB" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
extracts public keys from a private keys and certificates.
.
.SH "OPTIONS"
Extract the public key from an RSA private key:
.PP
.EX
- ipsec pki --pub --in key.der > pub.der
+ pki --pub --in key.der > pub.der
.EE
.PP
Extract the public key from an X.509 certificate:
.PP
.EX
- ipsec pki --pub --in cert.der --type x509 > pub.der
+ pki --pub --in cert.der --type x509 > pub.der
.EE
.PP
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-REQ" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-REQ" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
is used to create a PKCS#10 certificate request.
.
.SH "OPTIONS"
Generate a certificate request for an RSA key, with a subjectAltName extension:
.PP
.EX
- ipsec pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
- \-\-san moon@strongswan.org > req.der
+ pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon@strongswan.org > req.der
.EE
.PP
Generate a certificate request for an ECDSA key and a different digest:
.PP
.EX
- ipsec pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\
- \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der
+ pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\
+ \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der
.EE
.PP
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-SELF" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-SELF" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
is used to create a self-signed certificate.
.
.SH "OPTIONS"
Generate a self-signed certificate using the given RSA key:
.PP
.EX
- ipsec pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
- \-\-san moon.strongswan.org > cert.der
+ pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon.strongswan.org > cert.der
.EE
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-SIGNCRL" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-SIGNCRL" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
is used to issue a Certificate Revocation List (CRL) using a CA certificate and
private key.
.
Revoke a certificate:
.PP
.EX
- ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
- \-\-reason superseded \-\-cert cert.der > crl.der
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-reason superseded \-\-cert cert.der > crl.der
.EE
.PP
Update an existing CRL with two new revocations, using the certificate's serial
number, but no reason:
.PP
.EX
- ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
- \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der
.EE
.PP
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH "PKI \-\-VERIFY" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.TH "PKI \-\-VERIFY" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
.SH "DESCRIPTION"
.
This sub-command of
-.BR ipsec\-pki (8)
+.BR pki (1)
verifies a certificate using an optional CA certificate.
.
.SH "OPTIONS"
.
.SH "SEE ALSO"
.
-.BR ipsec\-pki (8)
\ No newline at end of file
+.BR pki (1)
\ No newline at end of file
-.TH IPSEC\-PKI 8 "2013-07-30" "@PACKAGE_VERSION@" "strongSwan"
+.TH PKI 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
.
.SH "NAME"
.
-ipsec pki \- Simple public key infrastructure (PKI) management tool
+pki \- Simple public key infrastructure (PKI) management tool
.
.SH "SYNOPSIS"
.
-.SY "ipsec pki"
+.SY "pki"
.I command
.RI [ option\~ .\|.\|.]
.YS
.
-.SY "ipsec pki"
+.SY "pki"
.B \-h
|
.B \-\-help
.
.SH "DESCRIPTION"
.
-.B ipsec pki
+.B pki
is a suite of commands that allow you to manage a simple public key
infrastructure (PKI).
.P
command. By default this generates a 2048-bit RSA key.
.PP
.EX
- ipsec pki \-\-gen > ca_key.der
+ pki \-\-gen > ca_key.der
.EE
.PP
This key is used to create the self-signed CA certificate, using the
command. The distinguished name should be adjusted to your needs.
.PP
.EX
- ipsec pki \-\-self \-\-ca \-\-in ca_key.der \\
- \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der
+ pki \-\-self \-\-ca \-\-in ca_key.der \\
+ \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der
.EE
.PP
.
To generate a certificate for a server, we start by generating a private key.
.PP
.EX
- ipsec pki \-\-gen > server_key.der
+ pki \-\-gen > server_key.der
.EE
.PP
The public key will be included in the certificate so lets extract that from the
private key.
.PP
.EX
- ipsec pki \-\-pub \-\-in server_key.der > server_pub.der
+ pki \-\-pub \-\-in server_key.der > server_pub.der
.EE
.PP
The following command will use the CA certificate and private key to issue the
for more options).
.PP
.EX
- ipsec pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\
- \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\
- \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der
+ pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\
+ \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\
+ \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der
.EE
.PP
Instead of storing the public key in a separate
command.
.PP
.EX
- ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
- \-\-reason superseded \-\-cert server_cert.der > crl.der
+ pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\
+ \-\-reason superseded \-\-cert server_cert.der > crl.der
.EE
.PP
The certificate given with \-\-cacert must be either a CA certificate or a
.
.SH "SEE ALSO"
.
-.BR ipsec (8),
-.BR pki\ \-\-gen (8),
-.BR pki\ \-\-self (8),
-.BR pki\ \-\-issue (8),
-.BR pki\ \-\-signcrl (8),
-.BR pki\ \-\-req (8),
-.BR pki\ \-\-pkcs7 (8),
-.BR pki\ \-\-keyid (8),
-.BR pki\ \-\-print (8),
-.BR pki\ \-\-pub (8),
-.BR pki\ \-\-verify (8)
+.BR pki\ \-\-gen (1),
+.BR pki\ \-\-self (1),
+.BR pki\ \-\-issue (1),
+.BR pki\ \-\-signcrl (1),
+.BR pki\ \-\-req (1),
+.BR pki\ \-\-pkcs7 (1),
+.BR pki\ \-\-keyid (1),
+.BR pki\ \-\-print (1),
+.BR pki\ \-\-pub (1),
+.BR pki\ \-\-verify (1)