X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=man%2Fmakecert.1;h=41284a47ae6d8a29234bec2e7d28a1c006e8d8b8;hb=3ab1a56f73cac926676e24b58d07bf0c4e75d3eb;hp=0329bc5fc27ed29366985957083382dba602e2a3;hpb=8ebb644811329806b44ae7a7842b4a26e1aef938;p=mono.git

diff --git a/man/makecert.1 b/man/makecert.1
old mode 100755
new mode 100644
index 0329bc5fc27..41284a47ae6
--- a/man/makecert.1
+++ b/man/makecert.1
@@ -1,15 +1,16 @@
 .\" 
 .\" makecert manual page.
 .\" Copyright 2003 Motus Technologies
+.\" Copyright 2004-2005, 2011 Novell
 .\" Author:
-.\"   Sebastien Pouliot (spouliot@motus.com)
+.\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"
 .TH Mono "MakeCert"
 .SH NAME
 MakeCert \- Create X.509 certificates for test purposes
 .SH SYNOPSIS
 .PP
-.B MakeCert [options] certificate
+.B makecert [options] certificate
 .SH DESCRIPTION
 Create an X.509 certificate using the provided informations. This
 is useful for testing Authenticode signatures, SSL and S/MIME
@@ -17,72 +18,158 @@ technologies.
 .SH PARAMETERS
 .TP
 .I "-# num"
-Certificate serial number
+Specify the certificate serial number.
 .TP
 .I "-n dn"
-Subject Distinguished Name
+Specify the subject Distinguished Name (DN).
 .TP
 .I "-in dn"
-Issuert Distinguished Name
+Specify the issuer Distinguished Name (DN).
 .TP
 .I "-r"
-Create a self-signed (root) certificate
-.TP
-.I "-sv pkvfile"
-Private key file (.PVK) for the subject (created if missing)
+Create a self-signed, also called root, certificate.
 .TP
 .I "-iv pvkfile"
-Private key file (.PVK) for the issuer
+Specify the private key file (.PVK) for the issuer. The private key in the 
+specified file will be used to sign the new certificate.
 .TP
 .I "-ic certfile"
-Extract the issuer's name from the specified certificate
+Extract the issuer's name from the specified certificate file - i.e. the
+subject name of the specified certificate becomes the issuer name of the
+new certificate.
 .TP
-.I "-?"
-Help (display this help message)
+.I "-in name"
+Use the issuer's name from the specified parameter.
 .TP
-.I "-!"
-Extended help (for advanced options)
+.I "-ik container"
+Specify the key container name to be used for the issuer.
+.TP
+.I "-iky [signature | exchange | #]"
+Specify the key number to be used in the provider (when used with -ik).
+.TP
+.I "-ip provider"
+Specify the cryptographic provider to be used for the issuer.
+.TP
+.I "-ir [localmachine | currentuser]"
+Specify the provider will search the user or the machine keys containers for
+the issuer.
+.TP
+.I "-iy number"
+Specify the provider type to be used for the issuer.
+.TP
+.I "-sv pkvfile"
+Specify the private key file (.PVK) for the subject. The public part of the
+key will be inserted into the created certificate. If non-existant the 
+specified file will be created with a new key pair (default to 1024 bits RSA
+key pair).
+.TP
+.I "-sk container"
+Specify the key container name to be used for the subject.
+.TP
+.I "-sky [signature | exchange | #]"
+Specify the key number to be used in the provider (when used with -sk).
+.TP
+.I "-sp provider"
+Specify the cryptographic provider to be used for the subject.
+.TP
+.I "-sr [localmachine | currentuser]"
+Specify the provider will search the user or the machine keys containers for
+the subject.
+.TP
+.I "-sy number"
+Specify the provider type to be used for the issuer.
 .TP
 .I "-a hash"
-Select hash algorithm. Only MD5 and SHA1 are supported.
+Select hash algorithm. Only MD5 and SHA1 algorithms are supported.
 .TP
 .I "-b date"
 The date since when the certificate is valid (notBefore).
 .TP
-.I "-cy [authority|end]"
-Basic constraints. Select Authority or End-Entity certificate.
-.TP
 .I "-e date"
 The date until when the certificate is valid (notAfter).
 .TP
-.I "-eku oid[,oid]"
-Add some extended key usage OID to the certificate.
+.I "-m number"
+Specify the certificate validity period in months. This is added to the
+notBefore validity date which can be set with -b or will default to the 
+current date/time.
+.TP
+.I "-cy [authority|end]"
+Basic constraints. Select Authority or End-Entity certificate. Only Authority
+certificates can be used to sign other certificates (-ic). End-Entity can
+be used by clients (e.g. Authenticode, S/MIME) or servers (e.g. SSL).
 .TP
 .I "-h number"
-Add a path length restriction to the certificate chain.
+Add a path length restriction to the certificate chain. This is only 
+applicable for certificates that have BasicConstraint set to Authority (-cy 
+authority). This is used to limit the chain of certificates than can be
+issued under this authority.
 .TP
-.I "-ic cert"
-Take the issuer's name from the specified certificate.
+.I "-alt filename"
+Add a subjectAltName extension to the certificate. Each line from 'filename'
+will be added as a DNS entry of the extension. This option is useful if you
+want to create a single SSL certificate to work on several hosts that do not
+share a common domain name (i.e. CN=*.domain.com would not work).
 .TP
-.I "-in name"
-Take the issuer's name from the specified parameter.
+.I "-eku oid[,oid]"
+Add some extended key usage OID to the certificate.
 .TP
-.I "-iv pvkfile"
-Sign the certificate using the private key inside the PVK file.
+.I "-p12 pkcs12file password"
+Create a new PKCS#12 file containing both the certificates (the subject and
+possibly the issuer's) and the private key. The PKCS#12 file is protected 
+with the specified password. This option is
+.B mono exclusive.
 .TP
-.I "-m number"
-Certificate validity period (in months).
+.I "-?"
+Help (display this help message)
 .TP
-.I "-sv pvkfile"
-Create a new PVK file if non-existant, otherwise use the PVK file as the subject public key.
+.I "-!"
+Extended help (for advanced options)
+.SH EXAMPLES
+.PP
+To create a SSL test (i.e. non trusted) certificate is easy
+once your know your host's name. The following command will create a 
+test certificate for an SSL server:
+.nf
+	$ hostname 
+	pollux
+
+	$ makecert -r -eku 1.3.6.1.5.5.7.3.1 -n "CN=pollux" -sv pollux.pvk pollux.cer
+	Success
+.fi
+.PP
+In particular in the above example, the parameters used to build this
+test certificate were:
+.TP 
+.I "-r"
+Create a self-signed certificate (i.e. without an hierarchy). 
+.TP
+.I "-eku 1.3.6.1.5.5.7.3.1"
+Optional (as sadly most client don't require it). This indicates that
+your certificate is intended for server-side authentication.
+.TP 
+.I "-n \"CN=pollux\""
+Common Name (CN) = Host name. This is verified the SSL client and must
+match the connected host (or else you'll get a warning or error or
+*gasp* nothing).
+.TP 
+.I "-sv private.key"
+The private key file. The key (1024 bits RSA key pair) will be
+automatically generated if the specified file isn't present.
+.TP 
+.I "pollux.cer"
+The SSL certificate to be created for your host.
+.SH KNOWN RESTRICTIONS
+Compared to the Windows version some options aren't supported (-$, -d, -l, 
+-nscp, -is, -sc, -ss). Also PVK files with passwords aren't supported.
 .SH AUTHOR
 Written by Sebastien Pouliot
 .SH COPYRIGHT
 Copyright (C) 2003 Motus Technologies. 
+Copyright (C) 2004-2005 Novell. 
 Released under BSD license.
 .SH MAILING LISTS
-Visit http://mail.ximian.com/mailman/mono-list for details.
+Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.
 .SH WEB SITE
-Visit: http://www.go-mono.com for details
+Visit http://www.mono-project.com for details
 .SH SEE ALSO
 .BR signcode(1)