Finish up script documentation.

This commit is contained in:
Alex Bramley 2010-02-16 06:35:57 +00:00
parent d219ac769f
commit 2d51d1ef50
4 changed files with 96 additions and 20 deletions

View file

@ -27,8 +27,10 @@ B<ca-init> [B<-h>] | [B<--help>]
B<ca-init> reads the ca-scripts configuration file and generates an openssl(1) B<ca-init> reads the ca-scripts configuration file and generates an openssl(1)
configuration file and an X.509 certificate and key suitable for use as an configuration file and an X.509 certificate and key suitable for use as an
x509(1) certificate authority. The format of the ca-scripts configuration file x509(1) certificate authority. It can also optionally generate an HTML file
is documented in ca-scripts.conf(5). with MD5 and SHA1 fingerprints suitable for publishing the CA certificate and
the CRL. The format of the ca-scripts configuration file is documented in
ca-scripts.conf(5).
=head1 OPTIONS =head1 OPTIONS

0
doc/ca-renew-cert.pod Normal file → Executable file
View file

92
doc/ca-revoke-cert.pod Executable file
View file

@ -0,0 +1,92 @@
#! /bin/sh
if [ -z "$1" -o "$1" == "man" ]; then
exec /usr/bin/pod2man -n CA-REVOKE-CERT -s 1 -d "12 February 2010" \
-r "ca-scripts version 0.9" -c "SSL Certificate Authority utilities" $0
elif [ "$1" == "html" ]; then
exec /usr/bin/pod2html --title "ca-revoke-cert(1)" < $0
elif [ "$1" == "text" ]; then
exec /usr/bin/pod2text -o $0
fi
echo "Unrecognised output format '$1', try man, html, or text."
exit 1
=pod
=head1 NAME
ca-revoke-cert - revoke a certificate and re-generate CRL
=head1 SYNOPSIS
B<ca-revoke-cert> -t I<type> [B<-f> I<config>] [B<-i> I<template>]
[B<-o> I<file>] I<hostname, username, or path to certificate>
B<ca-revoke-cert> [B<-h>] | [B<--help>]
=head1 DESCRIPTION
B<ca-revoke-cert> revokes certificates generated with ca-create-cert(1) and
updates the CA's certificate revocation lists in both PEM and DER-encoded
formats. It can also optionally generate an HTML file with MD5 and SHA1
fingerprints suitable for publishing the CA certificate and the CRL.
=head1 OPTIONS
B<ca-revoke-cert> can infer the correct cached configurations to use for
certificate revocation from the hostname of a I<server> or I<client>, the
username of a I<user>, or the path to a previously generated certificate of any
type.
=over
=item B<-t> I<TYPE>, B<--type> I<TYPE>
This argument is mandatory and tells B<ca-revoke-cert> what type of certificate
it is revoking, either I<server>, I<client>, or I<user>.
=item B<-f> I<FILE>, B<--config> I<FILE>
Load the ca-scripts configuration from I<FILE> instead of
I</etc/ca-scripts.conf>.
=item B<-i> I<FILE>, B<--template> I<FILE>
Use the index.html template in I<FILE> rather than the standard one provided
with ca-scripts. See the B<TEMPLATING> section of ca-scripts.conf(5) for more
details of the templating system. Hint: it's sed(1) based...
=item B<-o> I<FILE>, B<--output> I<FILE>
Generate a HTML page in I<FILE> suitable for serving your CA certificate and
revocation lists via HTTP. The default template is basic but provides MD5 and
SHA1 fingerprints of both files for verification purposes.
=back
=head1 BUGS
Probably. At the moment the revocation reason is hardcoded to "superseded";
this may change in future releases along with code to deal with key compromise.
Additionally, the CRLv2 extension I<issuingDistributionPoint> is not yet set in
generated CRLs due to requiring a very recent version of openssl(1).
=head1 AVAILABILITY
New releases of the ca-scripts utilities can be found at
L<the developer's website|http://www.pl0rt.org/code/ca-scripts>.
A L<git repository|git://git.pl0rt.org/alex/code/ca-scripts>
for development versions also exists.
=head1 AUTHORS
Copyright 2009, 2010 Alex Bramley a.bramley@gmail.com
=head1 SEE ALSO
ca-init(1), ca-create-cert(1), ca-renew-cert(1), ca-scripts.conf(5),
openssl(1ssl), ca(1ssl), req(1ssl), x509(1ssl), config(5ssl), and
x509v3_config(5ssl).
=cut

View file

@ -1,18 +0,0 @@
# a brief man-page for revoke-cert.sh
# $Id: revoke-cert.txt 2660 2009-07-24 18:49:52Z alexeb $
NAME
revoke-cert.sh - revoke a certificate and generate revocation list
SYNOPSIS
revoke-cert.sh /path/to/certificate
revoke-cert.sh <hostname>
revoke-cert.sh <username>
DESCRIPTION
This script revokes the provided certificate and updates the revocation
list. It generates both a PEM and a DER encoded version of the CRL for
different browsers, and updates the html page with the new fingerprints.
OPTIONS
This script takes no options.