remove outdated create-cert doc now it has been rewritten

2010-02-14 06:35:20 +00:00 · 2010-02-14 06:35:20 +00:00 · a8ae2ea085
parent a560f2e713
commit a8ae2ea085
1 changed files with 0 additions and 97 deletions
--- a/doc/create-cert.txt
+++ b/doc/create-cert.txt
@ -1,97 +0,0 @@
-# a brief man-page for create-cert.sh
-# $Id: create-cert.txt 2660 2009-07-24 18:49:52Z alexeb $
-
-NAME
-        create-cert.sh - generate a signed X.509 certificate
-
-SYNOPSIS
-        create-cert.sh -t server [options] <hostname>
-        create-cert.sh -t client [options] <hostname>
-        create-cert.sh -t user   [options] <username>
-
-DESCRIPTION
-        The create-cert.sh script creates the configuration files necessary
-        for generating a signed X.509 certificate, creates a certificate
-        signing request using these configuration files, and signs that request
-        using the root CA key so that it is trusted by anything that has
-        imported the CA certificate.
-
-OPTIONS
-    -h, --help
-        Prints out a short synopsis of the arguments that this script takes.
-
-    -t, --type {server|client|user}
-        This argument is mandatory. create-cert.sh can create three types of
-        X.509 certificate: server, client, and user. These differ in the
-        X.509v3 extensions present, and in the uses the certificate is trusted
-        for.
-
-        Server certificates are used for securing SSL/TLS services, such as
-        TLS-encrypted LDAP connections or SSL HTTP. In this case the <hostname>
-        argument is used for the Common Name in the certificate, and any
-        additional alternative names supplied by -n are added to the X.509v3 
-        "SubjectAltName" extension.
-
-        Client certificates are used for authenticating to SSL/TLS services.
-        For the most part they will be used by automated systems to identify
-        and authenticate to services they interact with.
-
-        User certificates are for individuals to authenticate themselves to
-        SSL/TLS services in the same manner as client certificates, but they
-        may also be used for S/MIME e-mail encryption and code signing.
-
-    -c, --comment "COMMENT"
-        This argument sets the "Netscape Comment" X.509 extension.
-
-    -n, --alt-name HOSTNAME
-        This argument adds an alternative hostname to the "SubjectAltName"
-        X.509v3 extension. It may be supplied multiple times to add more than
-        one additional hostname.
-
-    -l, --location LOCATION
-        This argument sets the "Location" field of the certificate's
-        distinguished name. Syggested values are "Maybrook House" and 
-        "Jackson House", but the field is freeform text.
-
-    -o, --org-unit TEAMNAME
-        This argument sets the "Organisational Unit" field of the certificate's
-        distinguished name. Ideally this should begin with "Manchester STG Lab"
-        for consistency's sake, for example:
-            
-            Manchester STG Lab Systems and Network Infrastructure
-            Manchester STG Lab Testing
-            Manchester STG Lab Starlight Development
-
-    -e, --email EMAIL
-        This argument sets the "E-Mail Address" field of the certificate's
-        distinguished name. As per current X.509 standards this is actually
-        removed from the DN of the CSR and placed into the "SubjectAltName"
-        extension in the signed certificate. In general it should be a team
-        alias rather than an individual's address for server and client certs.
-
-    -r, --csr-only
-        This argument causes create-cert.sh to only generate a new CSR. It will
-        not generate the request configuration files in cfg/ unless --tpl-only
-        is also passed; in this case it will just create the configuration
-        files instead. This allows you to re-generate a CSR after manually
-        tweaking the configuration files.
-
-    -s, --crt-only
-        This argument causes create-cert.sh to only sign an existing CSR. As
-        with --csr-only, it will not generate extension configuration files
-        unless --tpl-only is also passed; again in this case it will just
-        create the configuration files so that you can re-sign the same CSR
-        with new extensions.
-
-    -t, --tpl-only
-        This argument modifies the behaviour of the previous two options when
-        passed with them, as described above. On it's own it causes
-        create-cert.sh to generate both sets of configuration files, but
-        not generate either the signing request or the signed certificate.
-
-DEFAULTS
-        * The LOCATION defaults to "Maybrook House"
-        * The TEAM defaults to "Manchester STG Lab Systems and Network Infrastructure"
-        * The EMAIL defaults to "mcr_lab_lsni@wwpdl.vnet.ibm.com"
-        * There is no COMMENT set by default
-