From: Tobias Brunner Date: Mon, 12 Aug 2013 14:49:13 +0000 (+0200) Subject: pki: Add pki --req man page X-Git-Tag: 5.1.1dr4~25^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bb8e2e1759d9746622024ad20b7488f4f797fa14;p=thirdparty%2Fstrongswan.git pki: Add pki --req man page --- diff --git a/configure.ac b/configure.ac index 108c22380f..3dc1a467b7 100644 --- a/configure.ac +++ b/configure.ac @@ -1496,6 +1496,7 @@ AC_CONFIG_FILES([ src/pki/man/ipsec-pki.8 src/pki/man/pki---gen.8 src/pki/man/pki---issue.8 + src/pki/man/pki---req.8 src/pki/man/pki---self.8 src/pki/man/pki---signcrl.8 ]) diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index d90ddc251f..e269f64eaf 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -174,9 +174,8 @@ static void __attribute__ ((constructor))reg() command_register((command_t) { req, 'r', "req", "create a PKCS#10 certificate request", - {"[--in file] [--type rsa|ecdsa]", - " --dn distinguished-name [--san subjectAltName]+", - "[--password challengePassword]", + {" [--in file] [--type rsa|ecdsa] --dn distinguished-name", + "[--san subjectAltName]+ [--password challengePassword]", "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, diff --git a/src/pki/man/Makefile.am b/src/pki/man/Makefile.am index df71614fe9..1a7f62119c 100644 --- a/src/pki/man/Makefile.am +++ b/src/pki/man/Makefile.am @@ -3,6 +3,7 @@ man8_MANS = \ pki---gen.8 \ pki---self.8 \ pki---issue.8 \ - pki---signcrl.8 + pki---signcrl.8 \ + pki---req.8 CLEANFILES = $(man8_MANS) diff --git a/src/pki/man/ipsec-pki.8.in b/src/pki/man/ipsec-pki.8.in index 49499bd393..8f664bb0b0 100644 --- a/src/pki/man/ipsec-pki.8.in +++ b/src/pki/man/ipsec-pki.8.in @@ -73,4 +73,5 @@ Verify a certificate using a CA certificate. .BR pki\ \-\-gen (8), .BR pki\ \-\-self (8), .BR pki\ \-\-issue (8), -.BR pki\ \-\-signcrl (8) +.BR pki\ \-\-signcrl (8), +.BR pki\ \-\-req (8) diff --git a/src/pki/man/pki---req.8.in b/src/pki/man/pki---req.8.in new file mode 100644 index 0000000000..9986f7feb8 --- /dev/null +++ b/src/pki/man/pki---req.8.in @@ -0,0 +1,91 @@ +.TH "PKI \-\-REQ" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +. +.SH "NAME" +. +pki \-\-req \- Create a PKCS#10 certificate request +. +.SH "SYNOPSIS" +. +.SY pki\ \-\-req +.OP \-\-in file +.OP \-\-type type +.BI \-\-dn\~ distinguished-name +.OP \-\-san subjectAltName +.OP \-\-password password +.OP \-\-digest digest +.OP \-\-outform encoding +.OP \-\-debug level +.YS +. +.SY pki\ \-\-req +.BI \-\-options\~ file +.YS +. +.SY "pki \-\-req" +.B \-h +| +.B \-\-help +.YS +. +.SH "DESCRIPTION" +. +This sub-command of +.BR ipsec\-pki (8) +is used to create a PKCS#10 certificate request. +. +.SH "OPTIONS" +. +.TP +.B "\-h, \-\-help" +Print usage information with a summary of the available options. +.TP +.BI "\-v, \-\-debug " level +Set debug level, default: 1. +.TP +.BI "\-+, \-\-options " file +Read command line options from \fIfile\fR. +.TP +.BI "\-i, \-\-in " file +Private key input file. If not given the key is read from \fISTDIN\fR. +.TP +.BI "\-t, \-\-type " type +Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR. +.TP +.BI "\-d, \-\-dn " distinguished-name +Subject distinguished name (DN). Required. +.TP +.BI "\-a, \-\-san " subjectAltName +subjectAltName extension to include in request. Can be used multiple times. +.TP +.BI "\-p, \-\-password " password +The challengePassword to include in the certificate request. +.TP +.BI "\-g, \-\-digest " digest +Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR, +\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to +\fIsha1\fR. +.TP +.BI "\-f, \-\-outform " encoding +Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or +\fIpem\fR (Base64 PEM), defaults to \fIder\fR. +. +.SH "EXAMPLES" +. +Generate a certificate request for an RSA key, with a subjectAltName extension: +.PP +.EX + ipsec pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\ + \-\-san moon@strongswan.org > req.der +.EE +.PP +Generate a certificate request for an ECDSA key and a different digest: +.PP +.EX + ipsec pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\ + \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der +.EE +.PP +. +.SH "SEE ALSO" +. +.BR ipsec\-pki (8) \ No newline at end of file