.\" Generated by kramdown-man 1.0.1 .\" https://github.com/postmodern/kramdown-man#readme .TH ronin-cert-gen 1 "2023-02-01" Ronin "User Manuals" .SH NAME .PP ronin\-cert\-gen \- Generates a new X509 certificate .SH SYNOPSIS .PP \fBronin cert\-gen\fR \[lB]\fIoptions\fP\[rB] .SH DESCRIPTION .PP Generates a new X509 certificate\. .SH OPTIONS .TP \fB\-\-version\fR \fINUM\fP The certificate version number Defaults to \fB2\fR if not given\. .TP \fB\-\-serial\fR \fINUM\fP The certificate serial number Defaults to \fB0\fR if not given\. .TP \fB\-\-not\-before\fR \fITIME\fP When the certificate becomes valid\. Defaults to the current time\. .TP \fB\-\-not\-after\fR \fITIME\fP When the certificate becomes no longer valid\. Defaults to one year from now\. .TP \fB\-c\fR, \fB\-\-common\-name\fR \fIDOMAIN\fP The Common Name (CN) for the certificate\. .TP \fB\-A\fR, \fB\-\-subject\-alt\-name\fR \fIHOST\fP\[or]\fIIP\fP Adds HOST or IP to \fBsubjectAltName\fR\. .TP \fB\-O\fR, \fB\-\-organization\fR \fINAME\fP The Organization (O) for the certificate\. .TP \fB\-U\fR, \fB\-\-organizational\-unit\fR \fINAME\fP The Organizational Unit (OU)\. .TP \fB\-L\fR, \fB\-\-locality\fR \fINAME\fP The locality for the certificate\. .TP \fB\-S\fR, \fB\-\-state\fR \fIXX\fP The two\-letter State (ST) code for the certificate\. .TP \fB\-C\fR, \fB\-\-country\fR \fIXX\fP The two\-letter Country (C) code for the certificate\. .TP \fB\-t\fR, \fB\-\-key\-type \fRrsa\fB\e\[or]\fRdsa\fB\e\[or]\fRec\` The signing key type\. .TP \fB\-\-generate\-key\fR \fIPATH\fP Generates and saves a random key\. Defaults to \fBkey\.pem\fR if not given\. .TP \fB\-k\fR, \fB\-\-key\-file\fR \fIFILE\fP Loads the signing key from the \fIFILE\fP\. .TP \fB\-H\fR, \fB\-\-signing\-hash\fR \fBsha256\fR\[or]\fBsha1\fR\[or]\fBmd5\fR The hash algorithm to use for signing\. Defaults to \fBsha256\fR if not given\. .TP \fB\-\-ca\-key\fR \fIFILE\fP The Certificate Authority (CA) key\. .TP \fB\-\-ca\-cert\fR \fIFILE\fP The Certificate Authority (CA) certificate\. .TP \fB\-\-ca\fR Generates a CA certificate\. .TP \fB\-o\fR, \fB\-\-output\fR \fIFILE\fP The output file to save the generated certificate to\. Defaults to \fBcert\.crt\fR if not given\. .TP \fB\-h\fR, \fB\-\-help\fR Print help information\. .SH EXAMPLES .PP Generates self\-signed certificate in \fBcert\.crt\fR and a new private key in \fBkey\.pem\fR: .PP .RS 4 .EX \[Do] ronin cert\-gen \-c test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e \-L \[dq]Test City\[dq] \-S NY \-C US .EE .RE .PP Generates a new self\-signed certificate for \fBtest\.com\fR in \fBcert\.crt\fR using the private key in \fBprivate\.key\fR: .PP .RS 4 .EX \[Do] ronin cert\-gen \-c test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e \-L \[dq]Test City\[dq] \-S NY \-C US \e \-\-key\-file private\.key .EE .RE .PP Generates a new self\-signed certificate with a alternative name \fBwww\.test\.com\fR: .PP .RS 4 .EX \[Do] ronin cert\-gen \-c test\.com \-A www\.test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e \-L \[dq]Test City\[dq] \-S NY \-C US .EE .RE .PP Generates a new CA certificate which can sign other certificates: .PP .RS 4 .EX \[Do] ronin cert\-gen \-\-ca \-c \[dq]Test CA\[dq] \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e \-L \[dq]Test City\[dq] \-S NY \-C US .EE .RE .PP Generates a new sub\-certificate using the CA certificate \fBca\.crt\fR and signing key \fBca\.key\fR: .PP .RS 4 .EX \[Do] ronin cert\-gen \-c test\.com \-O \[dq]Test Co\[dq] \-U \[dq]Test Dept\[dq] \e \-L \[dq]Test City\[dq] \-S NY \-C US \e \-\-ca\-key ca\.key \-\-ca\-cert ca\.crt .EE .RE .SH AUTHOR .PP Postmodern .MT postmodern\.mod3\[at]gmail\.com .ME .SH SEE ALSO .PP .BR ronin\-cert\-grab (1) .BR ronin\-cert\-dump (1)