1GENKEY(1) GENKEY(1)
2
3
4
6 genkey - generate SSL certificates and certificate requests
7
9 genkey [--test] [--days count] [[--genreq] | [--makeca]] {hostname}
10
12 genkey is an interactive command-line tool which can be used to
13 generate SSL certificates or Certificate Signing Requests (CSR).
14 Generated certificates are stored in the directory /etc/pki/tls/certs/,
15 and the corresponding private key in /etc/pki/tls/private/.
16
17 genkey will prompt for the size of key desired; whether or not to
18 generate a CSR; whether or not an encrypted private key is desired; the
19 certificate subject DN details.
20
21 genkey generates random data for the private key using the truerand
22 library and also by prompting the user for entry of random text.
23
25 --makceca
26 Generate a Certificate Authority keypair.
27
28 --genreq
29 Generate a Certificate Signing Request for an existing private key,
30 which can be submitted to a CA (for example, for renewal).
31
32 --days count
33 When generating a self-signed certificate, specify that the number
34 of days for which the certificate is valid be count rather than the
35 default value of 30.
36
37 --test
38 For test purposes only; omit the slow process of generating random
39 data.
40
42 The following example will create a self-signed certificate and private
43 key for the hostname www.example.com:
44
45 # genkey --days 120 www.example.com
46
47
48
50 /etc/pki/tls/openssl.cnf
51
53 certwatch(1)
54
55
56
57crypto-utils April 2005 GENKEY(1)