ndnsec-cert-gen¶
Synopsis¶
ndnsec cert-gen [-h] [-S timestamp] [-E timestamp] [-I info]… [-s signer] [-i issuer] file
Description¶
This command takes a signing request as input and issues an identity certificate for the key contained in the signing request. A signing request is generated automatically by ndnsec-key-gen for any new key, or it can be manually created for an existing key with ndnsec-sign-req.
Unless specified otherwise, the default key is used to sign the issued certificate.
file is the name of a file that contains the signing request. If file is “-”, the signing request is read from the standard input.
The generated certificate is written to the standard output in Base64 encoding.
Options¶
- -S <timestamp>, --not-before <timestamp>¶
Date and time when the certificate becomes valid, in “YYYYMMDDhhmmss” format. The default value is now.
- -E <timestamp>, --not-after <timestamp>¶
Date and time when the certificate expires, in “YYYYMMDDhhmmss” format. The default value is 365 days after the
--not-before
timestamp.
- -I <info>, --info <info>¶
Other information to be included in the issued certificate. Must be in the form of key and value pairs, where the key is an arbitrary string without spaces, followed by one or more spaces, followed by an arbitrary string representing the value. This option may be repeated multiple times.
For example:
-I "affiliation Some Organization" -I "homepage https://home.page/"
- -s <signer>, --sign-id <signer>¶
Signing identity. The default key/certificate of signer will be used to sign the requested certificate. If this option is not specified, the system default identity will be used.
- -i <issuer>, --issuer-id <issuer>¶
Issuer’s ID to be included in the issued certificate name. The default value is “NA”.
Examples¶
$ ndnsec cert-gen -S 20200501000000 -E 20210101000000 -I "affiliation Some Organization" -I "foobar Foo Bar" -i "Universe" -s /ndn/test request.cert > signed.cert
$ cat signed.cert
Bv0BcgctCAdleGFtcGxlCANLRVkICOQUmX8oloLrCAhVbml2ZXJzZQgJ/QAAAXHR
Ak6CFAkYAQIZBAA27oAVWzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDpJsCkv
E5RMjxRVdyK6W6z+FoCq+qREEn/sxf+n2gnsl25qm1NarCfSGf96zIJy9BRA9btu
MMeuWlAN/ymvMFwWkBsBAxwcBxoIA25kbggEdGVzdAgDS0VZCAhJP1OaKLualf0A
/Sb9AP4PMjAyMDA1MDFUMDAwMDAw/QD/DzIwMjEwMTAxVDAwMDAwMP0BAkH9AgAk
/QIBC2FmZmlsaWF0aW9u/QICEVNvbWUgT3JnYW5pemF0aW9u/QIAFf0CAQZmb29i
YXL9AgIHRm9vIEJhchdHMEUCIQDPT9Hq1kvkE0r9W1aYSBVTnHlTEzgtz+v1DwkC
ug/vLAIgY3xJITCwf55sqey33q5GIQSk1TRCkNNl58ojvPs5sNU=
$ ndnsec cert-dump -p -f signed.cert
Certificate Name:
/example/KEY/%E4%14%99%7F%28%96%82%EB/Universe/%FD%00%00%01q%D1%02N%82
Additional Description:
affiliation: Some Organization
foobar: Foo Bar
Public Key:
Key Type: 256-bit EC
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOkmwKS8TlEyPFFV3IrpbrP4WgKr6
pEQSf+zF/6faCeyXbmqbU1qsJ9IZ/3rMgnL0FED1u24wx65aUA3/Ka8wXA==
Validity:
Not Before: 2020-05-01T00:00:00
Not After: 2021-01-01T00:00:00
Signature Information:
Signature Type: SignatureSha256WithEcdsa
Key Locator: Name=/ndn/test/KEY/I%3FS%9A%28%BB%9A%95
See Also¶
ndnsec-cert-dump(1), ndnsec-cert-install(1), ndnsec-key-gen(1), ndnsec-sign-req(1)