.\" Generated by kramdown-man 0.1.8
.\" https://github.com/postmodern/kramdown-man#readme
.TH ronin-cert-gen 1 "May 2022" Ronin "User Manuals"
.LP
.SH SYNOPSIS
.LP
.HP
\fBronin cert-gen\fR \[lB]\fIoptions\fP\[rB]
.LP
.SH DESCRIPTION
.LP
.PP
Generates a new X509 certificate\.
.LP
.SH OPTIONS
.LP
.TP
\fB--version\fR \fINUM\fP
The certificate version number Defaults to \fB2\fR if not given\.
.LP
.TP
\fB--serial\fR \fINUM\fP
The certificate serial number Defaults to \fB0\fR if not given\.
.LP
.TP
\fB--not-before\fR \fITIME\fP
When the certificate becomes valid\. Defaults to the current time\.
.LP
.TP
\fB--not-after\fR \fITIME\fP
When the certificate becomes no longer valid\. Defaults to one year from now\.
.LP
.TP
\fB-c\fR, \fB--common-name\fR \fIDOMAIN\fP
The Common Name (CN) for the certificate\.
.LP
.TP
\fB-A\fR, \fB--subject-alt-name\fR \fIHOST\fP\[or]\fIIP\fP
Adds HOST or IP to \fBsubjectAltName\fR\.
.LP
.TP
\fB-O\fR, \fB--organization\fR \fINAME\fP
The Organization (O) for the certificate\.
.LP
.TP
\fB-U\fR, \fB--organizational-unit\fR \fINAME\fP
The Organizational Unit (OU)\.
.LP
.TP
\fB-L\fR, \fB--locality\fR \fINAME\fP
The locality for the certificate\.
.LP
.TP
\fB-S\fR, \`\-\-state \fIXX\fP
The two\-letter State (ST) code for the certificate\.
.LP
.TP
\fB-C\fR, \fB--country\fR \fIXX\fP
The two\-letter Country (C) code for the certificate\.
.LP
.HP
\fB-t\fR, \fB--key-type\fR rsa\[or]ec\fB            The signing key type
    --generate-key PATH          Generates and saves a random key (Default: key.pem)
-k, --key-file FILE              Loads the signing key from the FILE
\fR\-H\fB, \fR\-\-signing\-hash\fB \fRsha256\fB\|\fRsha1\fB\|\fRmd5\fB
  The hash algorithm to use for signing. Defaults to \fRsha256\` if not given\.
.LP
.TP
\fB--ca-key\fR \fIFILE\fP
The Certificate Authority (CA) key\.
.LP
.TP
\fB--ca-cert\fR \fIFILE\fP
The Certificate Authority (CA) certificate\.
.LP
.TP
\fB--ca\fR
Generates a CA certificate\.
.LP
.TP
\fB-o\fR, \fB--output\fR \fIFILE\fP
The output file to save the generated certificate to\. Defaults to \fBcert.crt\fR
if not given\.
.LP
.TP
\fB-h\fR, \fB--help\fR
Print help information\.
.LP
.SH EXAMPLES
.LP
.PP
Generates self\-signed certificate in \fBcert.crt\fR and a new private key in \fBkey.pem\fR:
.LP
.nf
    ronin cert\-gen \-c test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e
                   \-L \[dq]Test City\[dq] \-S NY \-C US
.fi
.LP
.PP
Generates a new self\-signed certificate for \fBtest.com\fR in \fBcert.crt\fR using the private key in
\fBprivate.key\fR:
.LP
.nf
    ronin cert\-gen \-c test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e
                   \-L \[dq]Test City\[dq] \-S NY \-C US \e
                   \-\-key\-file private\.key
.fi
.LP
.PP
Generates a new self\-signed certificate with a alternative name \fBwww.test.com\fR:
.LP
.nf
    ronin cert\-gen \-c test\.com \-A www\.test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e
                   \-L \[dq]Test City\[dq] \-S NY \-C US
.fi
.LP
.PP
Generates a new CA certificate which can sign other certificates:
.LP
.nf
    ronin cert\-gen \-\-ca \-c \[dq]Test CA\[dq] \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e
                   \-L \[dq]Test City\[dq] \-S NY \-C US
.fi
.LP
.PP
Generates a new sub\-certificate using the CA certificate \fBca.crt\fR and signing key \fBca.key\fR:
.LP
.nf
    ronin cert\-gen \-c test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e
                   \-L \[dq]Test City\[dq] \-S NY \-C US \e
                   \-\-ca\-key ca\.key \-\-ca\-cert ca\.crt
.fi
.LP
.SH AUTHOR
.LP
.PP
Postmodern 
.MT postmodern\.mod3\[at]gmail\.com
.ME
.LP
.SH SEE ALSO
.LP
.PP
ronin\-cert\-grab(1) ronin\-cert\-dump(1)