1winpr-makecert(1) FreeRDP winpr-makecert(1)
2
6 winpr-makecert - A tool to create X.509 certificates.
7
9 winpr-makecert [-rdp] [-silent] [-live] [-format { crt | pem | pfx }]
10 [-p password] [-n common_name] [-y years] [-m months] [-len length] [-#
11 serial] [-a { md5 | sha1 | sha256 | s384 | sha512 }] [-path outputpath]
12 [outputname]
13
15 winpr-makecert is a tool for generating X.509 certificates modeled
16 after the Windows command MakeCert. winpr-makecert aims to be command
17 line compatible with MakeCert however not all options are supported or
18 implemented yet.
19 Unimplemented features are not described here. They are marked as
21 "Unsupported" in winpr-makecerts help.
22 In contrast to it's Windows counterpart winpr-makecert does, unless the
24 -live option is given, always creates and save a certificate. If out‐
25 putname isn't set it is tried to determine the host name of the com‐
26 puter the command is run on.
27 Warning: if the file already exists it will be overwritten without ask‐
28 ing.
29 Without further options the generated certificates have the following
31 properties:
32 * 2048 bit long
34 * sha256 as hash algorithm
35 * the detected host name is used as common name
36 * a time stamp is used as serial number
37 * validity period of one year
38 * saved in the current working directory in crt format
39
41 -rdp Dummy parameter. Can be used to quickly generate a certificate
42 with default properties without specifying any further parame‐
43 ters.
44 -silent
46 Don't print the generated certificate to stdout.
47 -f format
49 Three formats are supported: crt, pem and pfx.
50 crt outputs the key and the certificate in a separate file each
51 with the file endings .key and .crt.
52 pem outputs the key and certificate into a single file with the
53 file ending pem.
54 And pfx outputs key and certificate into a pkcs12 file with the
55 ending .pfx.
56 -p password
58 Password to use if the pfx format is used as format.
59 -live Don't write the key/certificate to disk. When used from the com‐
61 mand line this can be thought as "dummy" mode.
62 -n common_name
64 The common name to use in the certificate.
65 -m months
67 Validity period in months.
68 -y years
70 Validity period in years. If months and years are specified the
71 specified month parameter will take precedence.
72 -len length
74 Key length in bits to use.
75 -a { md5 | sha1 | sha256 | s384 | sha512 }
77 The hashing algorithm to use.
78 -# serial
80 The serial number to use for the certificate.
81 -path A directory where the certificate should be created in.
83 outputname
85 The base name of the created file(s). A suffix, the format spe‐
86 cific suffix is appended to this name.
87
89 winpr-makecert -rdp
90 Creates a certificate with the default properties, saved to a file in
92 the current working directory in crt format named like the host. If the
93 host is named freerdp the created files are called freerdp.key and
94 freerdp.crt.
95 winpr-makecert -len 4096 -a sha384 -path /tmp -# 22 -m 144 -y 1 -format
98 crt mycert
99 The command above creates the file /tmp/mycert.pem containing a key and
101 a certificate with a length of 4096. It will use sha384 as hash algo‐
102 rithm. The certificate has the serial number 22 and is valid for 12
103 years (144 months).
104
106 0 Successful program execution.
107 1 Otherweise.
109
112 MakeCert help page ⟨https://msdn.microsoft.com/library/windows/desktop/
113 aa386968.aspx⟩
114
117 FreeRDP <team@freerdp.com>
1182.0.0-rc4 2017-01-11 winpr-makecert(1)