From 0dc8ba87794503d312e60b770e5320626a129cf3 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Fri, 13 Sep 2013 14:52:14 +0200 Subject: [PATCH] pki: Install pki(1) as utility directly in $prefix/bin ipsec pki is maintained as alias. --- configure.ac | 22 ++++---- src/ipsec/Android.mk | 1 + src/ipsec/Makefile.am | 1 + src/ipsec/_ipsec.in | 9 +++- src/pki/Makefile.am | 2 +- src/pki/man/Makefile.am | 26 +++++----- .../man/{pki---gen.8.in => pki---gen.1.in} | 10 ++-- .../{pki---issue.8.in => pki---issue.1.in} | 6 +-- .../{pki---keyid.8.in => pki---keyid.1.in} | 10 ++-- .../{pki---pkcs7.8.in => pki---pkcs7.1.in} | 6 +-- .../{pki---print.8.in => pki---print.1.in} | 6 +-- .../man/{pki---pub.8.in => pki---pub.1.in} | 10 ++-- .../man/{pki---req.8.in => pki---req.1.in} | 14 ++--- .../man/{pki---self.8.in => pki---self.1.in} | 10 ++-- ...{pki---signcrl.8.in => pki---signcrl.1.in} | 14 ++--- .../{pki---verify.8.in => pki---verify.1.in} | 6 +-- src/pki/man/{ipsec-pki.8.in => pki.1.in} | 51 +++++++++---------- 17 files changed, 105 insertions(+), 99 deletions(-) rename src/pki/man/{pki---gen.8.in => pki---gen.1.in} (91%) rename src/pki/man/{pki---issue.8.in => pki---issue.1.in} (97%) rename src/pki/man/{pki---keyid.8.in => pki---keyid.1.in} (88%) rename src/pki/man/{pki---pkcs7.8.in => pki---pkcs7.1.in} (92%) rename src/pki/man/{pki---print.8.in => pki---print.1.in} (90%) rename src/pki/man/{pki---pub.8.in => pki---pub.1.in} (87%) rename src/pki/man/{pki---req.8.in => pki---req.1.in} (83%) rename src/pki/man/{pki---self.8.in => pki---self.1.in} (93%) rename src/pki/man/{pki---signcrl.8.in => pki---signcrl.1.in} (88%) rename src/pki/man/{pki---verify.8.in => pki---verify.1.in} (90%) rename src/pki/man/{ipsec-pki.8.in => pki.1.in} (74%) diff --git a/configure.ac b/configure.ac index 9b5a81826e..2d1762c77f 100644 --- a/configure.ac +++ b/configure.ac @@ -1493,17 +1493,17 @@ AC_CONFIG_FILES([ man/ipsec.secrets.5 man/strongswan.conf.5 src/charon-cmd/charon-cmd.8 - src/pki/man/ipsec-pki.8 - src/pki/man/pki---gen.8 - src/pki/man/pki---issue.8 - src/pki/man/pki---keyid.8 - src/pki/man/pki---pkcs7.8 - src/pki/man/pki---print.8 - src/pki/man/pki---pub.8 - src/pki/man/pki---req.8 - src/pki/man/pki---self.8 - src/pki/man/pki---signcrl.8 - src/pki/man/pki---verify.8 + src/pki/man/pki.1 + src/pki/man/pki---gen.1 + src/pki/man/pki---issue.1 + src/pki/man/pki---keyid.1 + src/pki/man/pki---pkcs7.1 + src/pki/man/pki---print.1 + src/pki/man/pki---pub.1 + src/pki/man/pki---req.1 + src/pki/man/pki---self.1 + src/pki/man/pki---signcrl.1 + src/pki/man/pki---verify.1 ]) AC_OUTPUT diff --git a/src/ipsec/Android.mk b/src/ipsec/Android.mk index c25be3ebc4..3936f7af97 100644 --- a/src/ipsec/Android.mk +++ b/src/ipsec/Android.mk @@ -19,6 +19,7 @@ $(GEN) : PRIVATE_CUSTOM_TOOL = sed \ -e "s:@IPSEC_DISTRO@::" \ -e "s:@IPSEC_DIR@:$(strongswan_DIR):" \ -e "s:@IPSEC_SCRIPT@:ipsec:" \ + -e "s:@IPSEC_BINDIR@:$(strongswan_DIR):" \ -e "s:@IPSEC_SBINDIR@:$(strongswan_SBINDIR):" \ -e "s:@IPSEC_CONFDIR@:$(strongswan_CONFDIR):" \ -e "s:@IPSEC_PIDDIR@:$(strongswan_PIDDIR):" \ diff --git a/src/ipsec/Makefile.am b/src/ipsec/Makefile.am index 73427c0fae..71f2d150bc 100644 --- a/src/ipsec/Makefile.am +++ b/src/ipsec/Makefile.am @@ -20,6 +20,7 @@ _ipsec : _ipsec.in -e "s:@IPSEC_DISTRO@::" \ -e "s:@IPSEC_DIR@:$(ipsecdir):" \ -e "s:@IPSEC_SCRIPT@:$(ipsec_script):" \ + -e "s:@IPSEC_BINDIR@:$(bindir):" \ -e "s:@IPSEC_SBINDIR@:$(sbindir):" \ -e "s:@IPSEC_CONFDIR@:$(sysconfdir):" \ -e "s:@IPSEC_PIDDIR@:$(piddir):" \ diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in index 03ddb744db..3c1f998252 100644 --- a/src/ipsec/_ipsec.in +++ b/src/ipsec/_ipsec.in @@ -15,7 +15,7 @@ # for more details. # define a minimum PATH environment in case it is not set -PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@" +PATH="/sbin:/bin:/usr/sbin:/usr/bin:@IPSEC_SBINDIR@:@IPSEC_BINDIR@" export PATH # set daemon name @@ -28,6 +28,7 @@ IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`" # where the private directory and the config files are IPSEC_DIR="@IPSEC_DIR@" +IPSEC_BINDIR="@IPSEC_BINDIR@" IPSEC_SBINDIR="@IPSEC_SBINDIR@" IPSEC_CONFDIR="@IPSEC_CONFDIR@" IPSEC_PIDDIR="@IPSEC_PIDDIR@" @@ -39,7 +40,7 @@ IPSEC_CHARON_PID="${IPSEC_PIDDIR}/${DAEMON_NAME}.pid" IPSEC_STROKE="${IPSEC_DIR}/stroke" IPSEC_STARTER="${IPSEC_DIR}/starter" -export IPSEC_DIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID +export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland" @@ -313,6 +314,10 @@ update) exit 7 fi ;; +pki) + shift + exec $IPSEC_BINDIR/pki "$@" + ;; version|--version) printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n" printf "$IPSEC_DISTRO\n" diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am index 7835152497..efbed9b2b5 100644 --- a/src/pki/Makefile.am +++ b/src/pki/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = man -ipsec_PROGRAMS = pki +bin_PROGRAMS = pki pki_SOURCES = pki.c pki.h command.c command.h \ commands/gen.c \ diff --git a/src/pki/man/Makefile.am b/src/pki/man/Makefile.am index 769f052878..618bd40932 100644 --- a/src/pki/man/Makefile.am +++ b/src/pki/man/Makefile.am @@ -1,14 +1,14 @@ -man8_MANS = \ - ipsec-pki.8 \ - pki---gen.8 \ - pki---self.8 \ - pki---issue.8 \ - pki---signcrl.8 \ - pki---req.8 \ - pki---pkcs7.8 \ - pki---keyid.8 \ - pki---print.8 \ - pki---pub.8 \ - pki---verify.8 +man1_MANS = \ + pki.1 \ + pki---gen.1 \ + pki---self.1 \ + pki---issue.1 \ + pki---signcrl.1 \ + pki---req.1 \ + pki---pkcs7.1 \ + pki---keyid.1 \ + pki---print.1 \ + pki---pub.1 \ + pki---verify.1 -CLEANFILES = $(man8_MANS) +CLEANFILES = $(man1_MANS) diff --git a/src/pki/man/pki---gen.8.in b/src/pki/man/pki---gen.1.in similarity index 91% rename from src/pki/man/pki---gen.8.in rename to src/pki/man/pki---gen.1.in index 9590046ccc..138ab61229 100644 --- a/src/pki/man/pki---gen.8.in +++ b/src/pki/man/pki---gen.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-GEN" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-GEN" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -29,7 +29,7 @@ pki \-\-gen \- Generate a new RSA or ECDSA private key .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) is used to generate a new RSA or ECDSA private key. . .SH "OPTIONS" @@ -100,13 +100,13 @@ of lower quality. .SH "EXAMPLES" . .TP -.B ipsec pki \-\-gen \-\-size 3072 > rsa_key.der +.B pki \-\-gen \-\-size 3072 > rsa_key.der Generates a 3072-bit RSA private key. . .TP -.B ipsec pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der +.B pki \-\-gen \-\-type ecdsa \-\-size 256 > ecdsa_key.der Generates a 256-bit ECDSA private key. . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) diff --git a/src/pki/man/pki---issue.8.in b/src/pki/man/pki---issue.1.in similarity index 97% rename from src/pki/man/pki---issue.8.in rename to src/pki/man/pki---issue.1.in index 6c9f85e176..9effd9b15f 100644 --- a/src/pki/man/pki---issue.8.in +++ b/src/pki/man/pki---issue.1.in @@ -45,7 +45,7 @@ pki \-\-issue \- Issue a certificate using a CA certificate and key .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) is used to issue a certificate using a CA certificate and private key. . .SH "OPTIONS" @@ -170,10 +170,10 @@ Then the following command can be used to issue a certificate based on a given PKCS#10 certificate request and the options above: .PP .EX - ipsec pki --issue --options pki.opt --in req.der > cert.der + pki --issue --options pki.opt --in req.der > cert.der .EE .PP . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---keyid.8.in b/src/pki/man/pki---keyid.1.in similarity index 88% rename from src/pki/man/pki---keyid.8.in rename to src/pki/man/pki---keyid.1.in index a4a6c9d4a4..490f7afea0 100644 --- a/src/pki/man/pki---keyid.8.in +++ b/src/pki/man/pki---keyid.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-KEYID" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-KEYID" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -25,7 +25,7 @@ pki \-\-keyid \- Calculate key identifiers of a key or certificate .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) calculates key identifiers of private keys and certificates. . .SH "OPTIONS" @@ -53,7 +53,7 @@ request), \fIx509\fR (X.509 certificate), defaults to \fIrsa-priv\fR. Calculate key identifiers of an RSA private key: .PP .EX - ipsec pki --keyid --in key.der + pki --keyid --in key.der subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1... subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1... .EE @@ -61,7 +61,7 @@ Calculate key identifiers of an RSA private key: Calculate key identifiers of an X.509 certificate: .PP .EX - ipsec pki --keyid --in cert.der --type x509 + pki --keyid --in cert.der --type x509 subjectKeyIdentifier: 6a:9c:74:d1:f8:89:79:89:f6:5a:94:e9:89:f1... subjectPublicKeyInfo hash: 6e:55:dc:7e:9c:a5:58:d9:5b:e3:c7:13:14:e1... .EE @@ -69,4 +69,4 @@ Calculate key identifiers of an X.509 certificate: . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---pkcs7.8.in b/src/pki/man/pki---pkcs7.1.in similarity index 92% rename from src/pki/man/pki---pkcs7.8.in rename to src/pki/man/pki---pkcs7.1.in index c500ca2885..38186cf709 100644 --- a/src/pki/man/pki---pkcs7.8.in +++ b/src/pki/man/pki---pkcs7.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-PKCS7" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-PKCS7" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -27,7 +27,7 @@ pki \-\-pkcs7 \- Provides PKCS#7 wrap/unwrap functions .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) provides functions to wrap/unwrap PKCS#7 containers. . .SH "OPTIONS" @@ -76,4 +76,4 @@ Can be used multiple times. . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---print.8.in b/src/pki/man/pki---print.1.in similarity index 90% rename from src/pki/man/pki---print.8.in rename to src/pki/man/pki---print.1.in index 7242c53011..8d3345edc7 100644 --- a/src/pki/man/pki---print.8.in +++ b/src/pki/man/pki---print.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-PRINT" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-PRINT" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -25,7 +25,7 @@ pki \-\-print \- Print a credential (key, certificate etc.) in human readable fo .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) prints credentials (keys, certificates etc.) in human readable form. . .SH "OPTIONS" @@ -50,4 +50,4 @@ private key), \fIpub\fR (public key), \fIx509\fR (X.509 certificate), \fIcrl\fR . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---pub.8.in b/src/pki/man/pki---pub.1.in similarity index 87% rename from src/pki/man/pki---pub.8.in rename to src/pki/man/pki---pub.1.in index 38e751655f..d588ae7328 100644 --- a/src/pki/man/pki---pub.8.in +++ b/src/pki/man/pki---pub.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-PUB" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-PUB" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -28,7 +28,7 @@ pki \-\-pub \- Extract a public key from a private key or certificate .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) extracts public keys from a private keys and certificates. . .SH "OPTIONS" @@ -60,16 +60,16 @@ Encoding of the extracted public key. One of \fIder\fR (ASN.1 DER), \fIpem\fR Extract the public key from an RSA private key: .PP .EX - ipsec pki --pub --in key.der > pub.der + pki --pub --in key.der > pub.der .EE .PP Extract the public key from an X.509 certificate: .PP .EX - ipsec pki --pub --in cert.der --type x509 > pub.der + pki --pub --in cert.der --type x509 > pub.der .EE .PP . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---req.8.in b/src/pki/man/pki---req.1.in similarity index 83% rename from src/pki/man/pki---req.8.in rename to src/pki/man/pki---req.1.in index 9986f7feb8..ab144ce2a2 100644 --- a/src/pki/man/pki---req.8.in +++ b/src/pki/man/pki---req.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-REQ" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-REQ" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -30,7 +30,7 @@ pki \-\-req \- Create a PKCS#10 certificate request .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) is used to create a PKCS#10 certificate request. . .SH "OPTIONS" @@ -74,18 +74,18 @@ Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or Generate a certificate request for an RSA key, with a subjectAltName extension: .PP .EX - ipsec pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\ - \-\-san moon@strongswan.org > req.der + pki \-\-req \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\ + \-\-san moon@strongswan.org > req.der .EE .PP Generate a certificate request for an ECDSA key and a different digest: .PP .EX - ipsec pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\ - \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der + pki \-\-req \-\-in key.der \-\-type ecdsa \-\-digest sha256 \\ + \-\-dn "C=CH, O=strongSwan, CN=carol" > req.der .EE .PP . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---self.8.in b/src/pki/man/pki---self.1.in similarity index 93% rename from src/pki/man/pki---self.8.in rename to src/pki/man/pki---self.1.in index ad0c35c64a..ee42cf9a03 100644 --- a/src/pki/man/pki---self.8.in +++ b/src/pki/man/pki---self.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-SELF" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-SELF" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -44,7 +44,7 @@ pki \-\-self \- Create a self-signed certificate .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) is used to create a self-signed certificate. . .SH "OPTIONS" @@ -139,10 +139,10 @@ User notice for certificatePolicy. Generate a self-signed certificate using the given RSA key: .PP .EX - ipsec pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\ - \-\-san moon.strongswan.org > cert.der + pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\ + \-\-san moon.strongswan.org > cert.der .EE . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---signcrl.8.in b/src/pki/man/pki---signcrl.1.in similarity index 88% rename from src/pki/man/pki---signcrl.8.in rename to src/pki/man/pki---signcrl.1.in index 7d67c4945e..6ba96f6bc1 100644 --- a/src/pki/man/pki---signcrl.8.in +++ b/src/pki/man/pki---signcrl.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-SIGNCRL" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-SIGNCRL" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -32,7 +32,7 @@ pki \-\-signcrl \- Issue a Certificate Revocation List (CRL) using a CA certific .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) is used to issue a Certificate Revocation List (CRL) using a CA certificate and private key. . @@ -107,18 +107,18 @@ Hexadecimal encoded serial number of the certificate to revoke. Revoke a certificate: .PP .EX - ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\ - \-\-reason superseded \-\-cert cert.der > crl.der + pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\ + \-\-reason superseded \-\-cert cert.der > crl.der .EE .PP Update an existing CRL with two new revocations, using the certificate's serial number, but no reason: .PP .EX - ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\ - \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der + pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\ + \-\-lastcrl old_crl.der \-\-serial 0123 \-\-serial 0345 > crl.der .EE .PP .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/pki---verify.8.in b/src/pki/man/pki---verify.1.in similarity index 90% rename from src/pki/man/pki---verify.8.in rename to src/pki/man/pki---verify.1.in index 39c46e6cba..de34acad43 100644 --- a/src/pki/man/pki---verify.8.in +++ b/src/pki/man/pki---verify.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-VERIFY" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-VERIFY" 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . @@ -25,7 +25,7 @@ pki \-\-verify \- Verify a certificate using a CA certificate .SH "DESCRIPTION" . This sub-command of -.BR ipsec\-pki (8) +.BR pki (1) verifies a certificate using an optional CA certificate. . .SH "OPTIONS" @@ -53,4 +53,4 @@ the verification failed. . .SH "SEE ALSO" . -.BR ipsec\-pki (8) \ No newline at end of file +.BR pki (1) \ No newline at end of file diff --git a/src/pki/man/ipsec-pki.8.in b/src/pki/man/pki.1.in similarity index 74% rename from src/pki/man/ipsec-pki.8.in rename to src/pki/man/pki.1.in index 9962250d9e..8dfc53af39 100644 --- a/src/pki/man/ipsec-pki.8.in +++ b/src/pki/man/pki.1.in @@ -1,17 +1,17 @@ -.TH IPSEC\-PKI 8 "2013-07-30" "@PACKAGE_VERSION@" "strongSwan" +.TH PKI 1 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . -ipsec pki \- Simple public key infrastructure (PKI) management tool +pki \- Simple public key infrastructure (PKI) management tool . .SH "SYNOPSIS" . -.SY "ipsec pki" +.SY "pki" .I command .RI [ option\~ .\|.\|.] .YS . -.SY "ipsec pki" +.SY "pki" .B \-h | .B \-\-help @@ -19,7 +19,7 @@ ipsec pki \- Simple public key infrastructure (PKI) management tool . .SH "DESCRIPTION" . -.B ipsec pki +.B pki is a suite of commands that allow you to manage a simple public key infrastructure (PKI). .P @@ -76,7 +76,7 @@ The first step is to generate a private key using the command. By default this generates a 2048-bit RSA key. .PP .EX - ipsec pki \-\-gen > ca_key.der + pki \-\-gen > ca_key.der .EE .PP This key is used to create the self-signed CA certificate, using the @@ -84,8 +84,8 @@ This key is used to create the self-signed CA certificate, using the command. The distinguished name should be adjusted to your needs. .PP .EX - ipsec pki \-\-self \-\-ca \-\-in ca_key.der \\ - \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der + pki \-\-self \-\-ca \-\-in ca_key.der \\ + \-\-dn "C=CH, O=strongSwan, CN=strongSwan CA" > ca_cert.der .EE .PP . @@ -97,14 +97,14 @@ which in turn can issue other certificates. To generate a certificate for a server, we start by generating a private key. .PP .EX - ipsec pki \-\-gen > server_key.der + pki \-\-gen > server_key.der .EE .PP The public key will be included in the certificate so lets extract that from the private key. .PP .EX - ipsec pki \-\-pub \-\-in server_key.der > server_pub.der + pki \-\-pub \-\-in server_key.der > server_pub.der .EE .PP The following command will use the CA certificate and private key to issue the @@ -114,9 +114,9 @@ and flags as needed (check for more options). .PP .EX - ipsec pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\ - \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\ - \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der + pki \-\-issue \-\-in server_pub.der \-\-cacert ca_cert.der \\ + \-\-cakey ca_key.der \-\-dn "C=CH, O=strongSwan, CN=VPN Server" \\ + \-\-san vpn.strongswan.org \-\-flag serverAuth > server_cert.der .EE .PP Instead of storing the public key in a separate @@ -132,8 +132,8 @@ the command. .PP .EX - ipsec pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\ - \-\-reason superseded \-\-cert server_cert.der > crl.der + pki \-\-signcrl \-\-cacert ca_cert.der \-\-cakey ca_key.der \\ + \-\-reason superseded \-\-cert server_cert.der > crl.der .EE .PP The certificate given with \-\-cacert must be either a CA certificate or a @@ -144,14 +144,13 @@ certificates with the \-\-crl option. . .SH "SEE ALSO" . -.BR ipsec (8), -.BR pki\ \-\-gen (8), -.BR pki\ \-\-self (8), -.BR pki\ \-\-issue (8), -.BR pki\ \-\-signcrl (8), -.BR pki\ \-\-req (8), -.BR pki\ \-\-pkcs7 (8), -.BR pki\ \-\-keyid (8), -.BR pki\ \-\-print (8), -.BR pki\ \-\-pub (8), -.BR pki\ \-\-verify (8) +.BR pki\ \-\-gen (1), +.BR pki\ \-\-self (1), +.BR pki\ \-\-issue (1), +.BR pki\ \-\-signcrl (1), +.BR pki\ \-\-req (1), +.BR pki\ \-\-pkcs7 (1), +.BR pki\ \-\-keyid (1), +.BR pki\ \-\-print (1), +.BR pki\ \-\-pub (1), +.BR pki\ \-\-verify (1) -- 2.47.2