lprng_certs(1)		      lprng_certs command		lprng_certs(1)

NAME
       lprng_certs - lprng SSL certificate management

SYNOPSIS
       lprng_certs option
	 init	  - make directory structure
	 newca	  - make new root CA
	 defaults - set	new default values for certs
	 gen	  - generate user, server, or signing cert
	 index [dir] - index cert files
	 verify	[cert] - verify	cert file
	 encrypt keyfile
		  - set	or change keyfile password

DESCRIPTION
       The lprng_certs program is used to manage SSL certificates for the
       LPRng software.  The SSL certificate structure consists of a hierarchy
       of certificates.  The LPRng software assumes that the following
       types of certificates will be used:

       CA or root
              A top level or self-signed certificate.

       signing
              A certificate that can be used to sign other certificates.  This
              is signed by the root CA or another signing certificate.

       user   A certificate used by a user to identify themselves to the lpd

       server A certificate used by the lpd server to identify itself to
              the user or other lpd servers.

Signing	Certificates
       All of the signing certificates, including the root certificate (root
       CA), /usr/local/etc//, are in the same directory as the
       root CA file.  Alternately, all of the signing certs can be
       concatenated and put into a single file, which by convention is assumed
       to have the same name as the root CA file, /usr/local/etc//
       The ssl_ca_file, ssl_ca_path, and ssl_ca_key printcap and configuration
       options can be used to specify the locations of the root CA files, a
       directory containing the signing certificate files, and the private key
       file for the root CA file respectively.

       The root	certificate (root CA file) /usr/local/etc// has a
       private key file	/usr/local/etc// as well.	By convention,
       the  private keys for the other signing certificate files are stored in
       the certificate file.

       The OpenSSL software requires that this directory also contain a	set of
       hash files which	are, in	effect,	links to these files.

       By default, all signing certificates are assumed to be in the same
       directory as the root certificate.

Server Certificates
       The certificates used by the lpd server are kept in another directory.
       These files do not need to have hash links to them.  By convention, the
       private keys for these certificate files are stored in the certificate
       file.  The server certificate file is specified by the ssl_server_cert
       option and has the default value /usr/local/etc//ssl.server/server.crt.
       This file contains the cert and private key.  The server certificate
       password file is specified by the ssl_server_password option with the
       default value

       and contains the password used to decrypt the server's private key and
       use it for authentication.  This key file should be readable only by
       the lpd server.

User Certificates
       The certificates used by users are kept in a separate directory in the
       user's home directory.  By convention, the private keys for these
       certificate files are stored in the certificate file.

       The  user certificate file is specified by the LPR_SSL_FILE environment
       variable, otherwise the ${HOME}/.lpr/client.crt is used.	 The  password
       is  taken  from	the file specified by the LPR_SSL_PASSWORD environment
       variable, otherwise the ${HOME}/.lpr/client.pwd file is read.
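
       The files above hold private keys and the passwords that decrypt
       them, so their mode bits matter.  The following check is an added
       example, not part of lprng_certs; the function names are
       hypothetical.  It resolves the client paths as described above and
       flags any file that group or other can access.

```shell
#!/bin/sh
# Added example (not LPRng code): audit files holding keys and passwords.

# Resolve the user cert and password paths as the page describes:
# environment variable first, then the ${HOME}/.lpr default.
client_cert_path() { printf '%s\n' "${LPR_SSL_FILE:-${HOME}/.lpr/client.crt}"; }
client_pwd_path()  { printf '%s\n' "${LPR_SSL_PASSWORD:-${HOME}/.lpr/client.pwd}"; }

# Return 0 only if $1 is a regular file with no group/other permission bits.
# Characters 5-10 of the `ls -l` mode string are the group and other bits.
# -L follows symlinks so the target's mode is checked, not the link's.
# Only mode bits are inspected; ownership and ACLs are not.
is_private() {
    [ -f "$1" ] || return 1
    bits=$(ls -ldL -- "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Print one status line per file; return non-zero if any file is missing
# or accessible by group/other.
audit_lprng_secrets() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            printf 'missing  %s\n' "$f"; rc=1
        elif is_private "$f"; then
            printf 'ok       %s\n' "$f"
        else
            printf 'EXPOSED  %s\n' "$f"; rc=1
        fi
    done
    return "$rc"
}

# Typical call for a user account:
#   audit_lprng_secrets "$(client_cert_path)" "$(client_pwd_path)"
```

       On the server, pass the files named by ssl_server_cert and
       ssl_server_password to audit_lprng_secrets instead.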

USING LPRNG_CERTS
       The organization of the SSL certificates used by LPRng is similar to
       that used by other programs such as the Apache mod_ssl support.  The
       lprng_certs program is used to create the directory structure, create
       certificates for the root CA, signing, user and servers.  In order to
       make management simple, the following support is provided.

lprng_certs init
       This command creates the	directories used by the	 lpd  server.	It  is
       useful when setting up a	new lpd	server.

lprng_certs newca
       This  command  creates a	self-signed certificate, suitable for use as a
       root CA certificate.  It	also sets up a set of default values for other
       certificate creation.

lprng_certs defaults
       This command is used to modify the set of default values.

       The default values are listed and should be self-explanatory, except
       for the value of the signer certificate.  By default, the root CA can
       be used to sign certificates.  However, a signing certificate can be
       used as well.  This allows delegation of signing authority without
       compromising the security of the root CA.

lprng_certs gen
       This is used to generate	a user,	server,	or signing certificate.

lprng_certs index
       This is used to create the indexes for the signing certificates.

lprng_certs verify [cert]
       This checks the certificate file using the OpenSSL openssl verify
       command.

lprng_certs encrypt keyfile
       This removes all key information from the key file, reencrypts the key
       information, and then puts the encrypted key information in the file.

LPRng OPTIONS
       Option                   Purpose
       ssl_ca_path              directory holding the SSL signing certs
       ssl_ca_file              file holding the root CA or all SSL signing certs
       ssl_server_cert          cert file for the server
       ssl_server_password      file containing password for server
       ${HOME}/.lpr/client.crt  client certificate file
       ${HOME}/.lpr/client.pwd  client certificate private key password

ENVIRONMENT VARIABLES
       LPR_SSL_FILE             client certificate file
       LPR_SSL_PASSWORD         client certificate private key password

EXIT STATUS
       The following exit values are returned:

       zero (0)	      Successful completion.

       non-zero	(!=0) An error occurred.

SEE ALSO
       lpd.conf(5), lpc(8), lpd(8), checkpc(8), lpr(1), lpq(1), lprm(1),
       printcap(5), lpd.conf(5), pr(1), lprng_certs(1), lprng_index_certs(1).

AUTHOR
       Patrick Powell <>.

HISTORY
       LPRng is an enhanced printer spooler system with functionality similar
       to the Berkeley LPR software.  The LPRng developer mailing list is;
       subscribe by visiting or sending
       mail to with the word subscribe in
       the body.
       The software is available via

LPRng				  2006-12-09			lprng_certs(1)
