Merge pull request #5714 from alexischr/update_bockbuild

[mono.git] / man / makecert.1

diff --git a/man/makecert.1 b/man/makecert.1
old mode 100755 (executable)
new mode 100644 (file)
index 3a1b105..41284a4
--- a/man/makecert.1
+++ b/man/makecert.1
@@ -1,7 +1,7 @@
 .\" 
 .\" makecert manual page.
 .\" Copyright 2003 Motus Technologies
 .\" 
 .\" makecert manual page.
 .\" Copyright 2003 Motus Technologies

-.\" Copyright 2004 Novell
+.\" Copyright 2004-2005, 2011 Novell

 .\" Author:
 .\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"
 .\" Author:
 .\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"


@@ -104,14 +104,60 @@ applicable for certificates that have BasicConstraint set to Authority (-cy
 authority). This is used to limit the chain of certificates than can be
 issued under this authority.
 .TP
 authority). This is used to limit the chain of certificates than can be
 issued under this authority.
 .TP

+.I "-alt filename"
+Add a subjectAltName extension to the certificate. Each line from 'filename'
+will be added as a DNS entry of the extension. This option is useful if you
+want to create a single SSL certificate to work on several hosts that do not
+share a common domain name (i.e. CN=*.domain.com would not work).
+.TP

 .I "-eku oid[,oid]"
 Add some extended key usage OID to the certificate.
 .TP
 .I "-eku oid[,oid]"
 Add some extended key usage OID to the certificate.
 .TP

+.I "-p12 pkcs12file password"
+Create a new PKCS#12 file containing both the certificates (the subject and
+possibly the issuer's) and the private key. The PKCS#12 file is protected 
+with the specified password. This option is
+.B mono exclusive.
+.TP

 .I "-?"
 Help (display this help message)
 .TP
 .I "-!"
 Extended help (for advanced options)
 .I "-?"
 Help (display this help message)
 .TP
 .I "-!"
 Extended help (for advanced options)

+.SH EXAMPLES
+.PP
+To create a SSL test (i.e. non trusted) certificate is easy
+once your know your host's name. The following command will create a 
+test certificate for an SSL server:
+.nf
+       $ hostname 
+       pollux
+
+       $ makecert -r -eku 1.3.6.1.5.5.7.3.1 -n "CN=pollux" -sv pollux.pvk pollux.cer
+       Success
+.fi
+.PP
+In particular in the above example, the parameters used to build this
+test certificate were:
+.TP 
+.I "-r"
+Create a self-signed certificate (i.e. without an hierarchy). 
+.TP
+.I "-eku 1.3.6.1.5.5.7.3.1"
+Optional (as sadly most client don't require it). This indicates that
+your certificate is intended for server-side authentication.
+.TP 
+.I "-n \"CN=pollux\""
+Common Name (CN) = Host name. This is verified the SSL client and must
+match the connected host (or else you'll get a warning or error or
+*gasp* nothing).
+.TP 
+.I "-sv private.key"
+The private key file. The key (1024 bits RSA key pair) will be
+automatically generated if the specified file isn't present.
+.TP 
+.I "pollux.cer"
+The SSL certificate to be created for your host.

 .SH KNOWN RESTRICTIONS
 Compared to the Windows version some options aren't supported (-$, -d, -l, 
 -nscp, -is, -sc, -ss). Also PVK files with passwords aren't supported.
 .SH KNOWN RESTRICTIONS
 Compared to the Windows version some options aren't supported (-$, -d, -l, 
 -nscp, -is, -sc, -ss). Also PVK files with passwords aren't supported.


@@ -119,11 +165,11 @@ Compared to the Windows version some options aren't supported (-$, -d, -l,
 Written by Sebastien Pouliot
 .SH COPYRIGHT
 Copyright (C) 2003 Motus Technologies. 
 Written by Sebastien Pouliot
 .SH COPYRIGHT
 Copyright (C) 2003 Motus Technologies. 

-Copyright (C) 2004 Novell. 
+Copyright (C) 2004-2005 Novell. 

 Released under BSD license.
 .SH MAILING LISTS
 Released under BSD license.
 .SH MAILING LISTS

-Visit http://mail.ximian.com/mailman/mono-list for details.
+Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.

 .SH WEB SITE
 .SH WEB SITE

-Visit: http://www.go-mono.com for details
+Visit http://www.mono-project.com for details

 .SH SEE ALSO
 .BR signcode(1)
 .SH SEE ALSO
 .BR signcode(1)