.\"
.\" makecert manual page.
.\" Copyright 2003 Motus Technologies
-.\" Copyright 2004 Novell
+.\" Copyright 2004-2005, 2011 Novell
.\" Author:
.\" Sebastien Pouliot (sebastien@ximian.com)
.\"
authority). This is used to limit the chain of certificates than can be
issued under this authority.
.TP
+.I "-alt filename"
+Add a subjectAltName extension to the certificate. Each line from 'filename'
+will be added as a DNS entry of the extension. This option is useful if you
+want to create a single SSL certificate to work on several hosts that do not
+share a common domain name (i.e. CN=*.domain.com would not work).
+.TP
.I "-eku oid[,oid]"
Add some extended key usage OID to the certificate.
.TP
+.I "-p12 pkcs12file password"
+Create a new PKCS#12 file containing both the certificates (the subject and
+possibly the issuer's) and the private key. The PKCS#12 file is protected
+with the specified password. This option is
+.B mono exclusive.
+.TP
.I "-?"
Help (display this help message)
.TP
.I "-!"
Extended help (for advanced options)
+.SH EXAMPLES
+.PP
+To create a SSL test (i.e. non trusted) certificate is easy
+once your know your host's name. The following command will create a
+test certificate for an SSL server:
+.nf
+ $ hostname
+ pollux
+
+ $ makecert -r -eku 1.3.6.1.5.5.7.3.1 -n "CN=pollux" -sv pollux.pvk pollux.cer
+ Success
+.fi
+.PP
+In particular in the above example, the parameters used to build this
+test certificate were:
+.TP
+.I "-r"
+Create a self-signed certificate (i.e. without an hierarchy).
+.TP
+.I "-eku 1.3.6.1.5.5.7.3.1"
+Optional (as sadly most client don't require it). This indicates that
+your certificate is intended for server-side authentication.
+.TP
+.I "-n \"CN=pollux\""
+Common Name (CN) = Host name. This is verified the SSL client and must
+match the connected host (or else you'll get a warning or error or
+*gasp* nothing).
+.TP
+.I "-sv private.key"
+The private key file. The key (1024 bits RSA key pair) will be
+automatically generated if the specified file isn't present.
+.TP
+.I "pollux.cer"
+The SSL certificate to be created for your host.
.SH KNOWN RESTRICTIONS
Compared to the Windows version some options aren't supported (-$, -d, -l,
-nscp, -is, -sc, -ss). Also PVK files with passwords aren't supported.
Written by Sebastien Pouliot
.SH COPYRIGHT
Copyright (C) 2003 Motus Technologies.
-Copyright (C) 2004 Novell.
+Copyright (C) 2004-2005 Novell.
Released under BSD license.
.SH MAILING LISTS
-Visit http://mail.ximian.com/mailman/mono-list for details.
+Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.
.SH WEB SITE
-Visit: http://www.go-mono.com for details
+Visit http://www.mono-project.com for details
.SH SEE ALSO
.BR signcode(1)