From a8ae2ea085dc0e8340381f7c171b31bbc3e9a7d0 Mon Sep 17 00:00:00 2001 From: Alex Bramley Date: Sun, 14 Feb 2010 06:35:20 +0000 Subject: [PATCH] remove outdated create-cert doc now it has been rewritten --- doc/create-cert.txt | 97 --------------------------------------------- 1 file changed, 97 deletions(-) delete mode 100644 doc/create-cert.txt diff --git a/doc/create-cert.txt b/doc/create-cert.txt deleted file mode 100644 index ca0a907..0000000 --- a/doc/create-cert.txt +++ /dev/null 
@@ -1,97 +0,0 @@ -# a brief man-page for create-cert.sh -# $Id: create-cert.txt 2660 2009-07-24 18:49:52Z alexeb $ - -NAME - create-cert.sh - generate a signed X.509 certificate - -SYNOPSIS - create-cert.sh -t server [options] - create-cert.sh -t client [options] - create-cert.sh -t user [options] - -DESCRIPTION - The create-cert.sh script creates the configuration files necessary - for generating a signed X.509 certificate, creates a certificate - signing request using these configuration files, and signs that request - using the root CA key so that it is trusted by anything that has - imported the CA certificate. - -OPTIONS - -h, --help - Prints out a short synopsis of the arguments that this script takes. - - -t, --type {server|client|user} - This argument is mandatory. create-cert.sh can create three types of - X.509 certificate: server, client, and user. These differ in the - X.509v3 extensions present, and in the uses the certificate is trusted - for. - - Server certificates are used for securing SSL/TLS services, such as - TLS-encrypted LDAP connections or SSL HTTP. In this case the - argument is used for the Common Name in the certificate, and any - additional alternative names supplied by -n are added to the X.509v3 - "SubjectAltName" extension. - - Client certificates are used for authenticating to SSL/TLS services. - For the most part they will be used by automated systems to identify - and authenticate to services they interact with. - - User certificates are for individuals to authenticate themselves to - SSL/TLS services in the same manner as client certificates, but they - may also be used for S/MIME e-mail encryption and code signing. - - -c, --comment "COMMENT" - This argument sets the "Netscape Comment" X.509 extension. - - -n, --alt-name HOSTNAME - This argument adds an alternative hostname to the "SubjectAltName" - X.509v3 extension. It may be supplied multiple times to add more than - one additional hostname. 
- - -l, --location LOCATION - This argument sets the "Location" field of the certificate's - distinguished name. Syggested values are "Maybrook House" and - "Jackson House", but the field is freeform text. - - -o, --org-unit TEAMNAME - This argument sets the "Organisational Unit" field of the certificate's - distinguished name. Ideally this should begin with "Manchester STG Lab" - for consistency's sake, for example: - - Manchester STG Lab Systems and Network Infrastructure - Manchester STG Lab Testing - Manchester STG Lab Starlight Development - - -e, --email EMAIL - This argument sets the "E-Mail Address" field of the certificate's - distinguished name. As per current X.509 standards this is actually - removed from the DN of the CSR and placed into the "SubjectAltName" - extension in the signed certificate. In general it should be a team - alias rather than an individual's address for server and client certs. - - -r, --csr-only - This argument causes create-cert.sh to only generate a new CSR. It will - not generate the request configuration files in cfg/ unless --tpl-only - is also passed; in this case it will just create the configuration - files instead. This allows you to re-generate a CSR after manually - tweaking the configuration files. - - -s, --crt-only - This argument causes create-cert.sh to only sign an existing CSR. As - with --csr-only, it will not generate extension configuration files - unless --tpl-only is also passed; again in this case it will just - create the configuration files so that you can re-sign the same CSR - with new extensions. - - -t, --tpl-only - This argument modifies the behaviour of the previous two options when - passed with them, as described above. On it's own it causes - create-cert.sh to generate both sets of configuration files, but - not generate either the signing request or the signed certificate. 
- -DEFAULTS - * The LOCATION defaults to "Maybrook House" - * The TEAM defaults to "Manchester STG Lab Systems and Network Infrastructure" - * The EMAIL defaults to "mcr_lab_lsni@wwpdl.vnet.ibm.com" - * There is no COMMENT set by default -
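Review bot: In the deleted OPTIONS section the short flag -t is assigned to both --type (marked mandatory) and --tpl-only, and this patch removes that text without adding or pointing to the rewritten documentation; the diffstat shows only 1 file changed, 97 deletions. Please name the replacement document in the commit message, and check that it either gives --tpl-only its own short flag or states how the script distinguishes the two uses of -t. The rewrite should also carry over what this file said about requests being signed with the root CA key and about how server, client and user certificates differ in X.509v3 extensions, since those details determine what each issued certificate is trusted for.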