Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Mono(MakeCert)							Mono(MakeCert)

NAME
       MakeCert	- Create X.509 certificates for	test purposes

SYNOPSIS
       makecert	[options] certificate

DESCRIPTION
       Create  an  X.509  certificate using the	provided informations. This is
       useful for testing Authenticode signatures, SSL	and  S/MIME  technolo-
       gies.

PARAMETERS
       -# num Specify the certificate serial number.

       -n dn  Specify the subject Distinguished	Name (DN).

       -in dn Specify the issuer Distinguished Name (DN).

       -r     Create a self-signed, also called	root, certificate.

       -iv pvkfile
	      Specify  the private key file (.PVK) for the issuer. The private
	      key in the specified file	will be	used to	sign the new  certifi-
	      cate.

       -ic certfile
	      Extract  the issuer's name from the specified certificate	file -
	      i.e. the subject name of the specified certificate  becomes  the
	      issuer name of the new certificate.

       -in name
	      Use the issuer's name from the specified parameter.

       -ik container
	      Specify the key container	name to	be used	for the	issuer.

       -iky [signature | exchange | #]
	      Specify  the  key	 number	 to be used in the provider (when used
	      with -ik).

       -ip provider
	      Specify the cryptographic	provider to be used for	the issuer.

       -ir [localmachine | currentuser]
	      Specify the provider will	search the user	or  the	 machine  keys
	      containers for the issuer.

       -iy number
	      Specify the provider type	to be used for the issuer.

       -sv pkvfile
	      Specify  the private key file (.PVK) for the subject. The	public
	      part of the key will be inserted into the	 created  certificate.
	      If  non-existant	the  specified file will be created with a new
	      key pair (default	to 1024	bits RSA key pair).

       -sk container
	      Specify the key container	name to	be used	for the	subject.

       -sky [signature | exchange | #]
	      Specify the key number to	be used	in  the	 provider  (when  used
	      with -sk).

       -sp provider
	      Specify the cryptographic	provider to be used for	the subject.

       -sr [localmachine | currentuser]
	      Specify  the  provider  will search the user or the machine keys
	      containers for the subject.

       -sy number
	      Specify the provider type	to be used for the issuer.

       -a hash
	      Select hash algorithm. Only MD5 and  SHA1	 algorithms  are  sup-
	      ported.

       -b date
	      The date since when the certificate is valid (notBefore).

       -e date
	      The date until when the certificate is valid (notAfter).

       -m number
	      Specify the certificate validity period in months. This is added
	      to the notBefore validity	date which can be set with -b or  will
	      default to the current date/time.

       -cy [authority|end]
	      Basic  constraints.  Select Authority or End-Entity certificate.
	      Only Authority certificates can be used to sign  other  certifi-
	      cates  (-ic).  End-Entity	can be used by clients (e.g. Authenti-
	      code, S/MIME) or servers (e.g. SSL).

       -h number
	      Add a path length	restriction to the certificate chain. This  is
	      only  applicable	for certificates that have BasicConstraint set
	      to Authority (-cy	authority). This is used to limit the chain of
	      certificates than	can be issued under this authority.

       -alt filename
	      Add  a  subjectAltName  extension	 to the	certificate. Each line
	      from 'filename' will be added as a DNS entry of  the  extension.
	      This  option  is	useful if you want to create a single SSL cer-
	      tificate to work on several hosts	that do	not share a common do-
	      main name	(i.e. CN=*.domain.com would not	work).

       -eku oid[,oid]
	      Add some extended	key usage OID to the certificate.

       -p12 pkcs12file password
	      Create  a	new PKCS#12 file containing both the certificates (the
	      subject and possibly the issuer's)  and  the  private  key.  The
	      PKCS#12  file is protected with the specified password. This op-
	      tion is mono exclusive.

       -?     Help (display this help message)

       -!     Extended help (for advanced options)

EXAMPLES
       To create a SSL test (i.e. non trusted) certificate is easy  once  your
       know  your  host's  name. The following command will create a test cer-
       tificate	for an SSL server:
	    $ hostname
	    pollux

	    $ makecert -r -eku 1.3.6.1.5.5.7.3.1 -n "CN=pollux"	-sv pollux.pvk pollux.cer
	    Success

       In particular in	the above example, the parameters used to  build  this
       test certificate	were:

       -r     Create a self-signed certificate (i.e. without an	hierarchy).

       -eku 1.3.6.1.5.5.7.3.1
	      Optional (as sadly most client don't require it).	This indicates
	      that your	certificate is intended	 for  server-side  authentica-
	      tion.

       -n     Common  Name  (CN)  = Host name. This is verified	the SSL	client
	      and must match the connected host	(or else you'll	get a  warning
	      or error or *gasp* nothing).

       -sv private.key
	      The  private  key	file. The key (1024 bits RSA key pair) will be
	      automatically generated if the specified file isn't present.

       pollux.cer
	      The SSL certificate to be	created	for your host.

KNOWN RESTRICTIONS
       Compared	to the Windows version some options aren't supported (-$,  -d,
       -l,  -nscp,  -is,  -sc, -ss). Also PVK files with passwords aren't sup-
       ported.

AUTHOR
       Written by Sebastien Pouliot

COPYRIGHT
       Copyright (C) 2003 Motus	Technologies.  Copyright (C) 2004-2005 Novell.
       Released	under BSD license.

MAILING	LISTS
       Visit  http://lists.ximian.com/mailman/listinfo/mono-devel-list for de-
       tails.

WEB SITE
       Visit http://www.mono-project.com for details

SEE ALSO
       signcode(1)

								Mono(MakeCert)

NAME | SYNOPSIS | DESCRIPTION | PARAMETERS | EXAMPLES | KNOWN RESTRICTIONS | AUTHOR | COPYRIGHT | MAILING LISTS | WEB SITE | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=makecert&sektion=1&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help