1SSCG(8)                 System Administration Utilities                SSCG(8)
2
3
4

NAME

6       sscg - Tool for generating x.509 certificates
7

SYNOPSIS

9       sscg [OPTION...]
10

DESCRIPTION

12       -q, --quiet
13              Display no output unless there is an error.
14
15       -v, --verbose
16              Display progress messages.
17
18       -d, --debug
19              Enable  logging  of  debug messages.  Implies verbose.  Warning!
20              This will print private key information to the screen!
21
22       -V, --version
23              Display the version number and exit.
24
25       -f, --force
26              Overwrite any pre-existing files in the requested locations
27
28       --lifetime=1-3650
29              Certificate lifetime (days). (default: 3650)
30
31       --country=US, CZ, etc.
32              Certificate DN: Country (C). (default: "US")
33
34       --state=Massachusetts, British Columbia, etc.
35              Certificate DN: State or Province (ST).
36
37       --locality=Westford, Paris, etc.
38              Certificate DN: Locality (L).
39
40       --organization=My Company
41              Certificate DN: Organization (O).  (default: "Unspecified")
42
43       --organizational-unit=Engineering, etc.
44              Certificate DN: Organizational Unit (OU).
45
46       --email=myname@example.com
47              Certificate DN: Email Address (Email).
48
49       --hostname=server.example.com
50              The valid hostname of the certificate. Must  be  an  FQDN.  (de‐
51              fault: current system FQDN)
52
53       --subject-alt-name alt.example.com
54              Optional  additional valid hostnames for the certificate. In ad‐
55              dition to hostnames, this option also  accepts  explicit  values
56              supported by RFC 5280 such as IP:xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy
57              May be specified multiple times.
58
59       --package=STRING
60              Unused. Retained for  compatibility  with  earlier  versions  of
61              sscg.
62
63       --key-strength=2048 or larger
64              Strength  of  the  certificate  private keys in bits.  (default:
65              2048)
66
67       --hash-alg={sha256,sha384,sha512}
68              Hashing algorithm to use for signing.  (default: "sha256")
69
70       --cipher-alg={des-ede3-cbc,aes-256-cbc}
71              Cipher   to   use   for   encrypting   key   files.    (default:
72              "aes-256-cbc")
73
74       --ca-file=STRING
75              Path  where  the public CA certificate will be stored. (default:
76              "./ca.crt")
77
78       --ca-mode=0644
79              File mode of the created CA certificate.
80
81       --ca-key-file=STRING
82              Path where the CA's private key will be stored. If  unspecified,
83              the key will be destroyed rather than written to the disk.
84
85       --ca-key-mode=0600
86              File mode of the created CA key.
87
88       --ca-key-password=STRING
89              Provide  a  password for the CA key file. Note that this will be
90              visible in the process table for all users, so it should be used
91              for    testing    purposes   only.   Use   --ca-keypassfile   or
92              --ca-key-password-prompt for secure password entry.
93
94       --ca-key-passfile=STRING
95              A file containing the password to encrypt the CA key file.
96
97       -C, --ca-key-password-prompt
98              Prompt to enter a password for the CA key file.
99
100       --crl-file=STRING
101              Path where an (empty) Certificate Revocation List file  will  be
102              created,  for  applications that expect such a file to exist. If
103              unspecified, no such file will be created.
104
105       --crl-mode=0644
106              File mode of the created Certificate Revocation List.
107
108       --cert-file=STRING
109              Path where the public service certificate will be stored.   (de‐
110              fault "./service.pem")
111
112       --cert-mode=0644
113              File mode of the created certificate.
114
115       --cert-key-file=STRING
116              Path  where  the service's private key will be stored.  (default
117              "service-key.pem")
118
119       --cert-key-mode=0600
120              File mode of the created certificate key.
121
122       -p, --cert-key-password=STRING
123              Provide a password for the service key  file.   Note  that  this
124              will be visible in the process table for all users, so this flag
125              should be used for testing purposes only. Use --cert-keypassfile
126              or --cert-key-password-prompt for secure password entry.
127
128       --cert-key-passfile=STRING
129              A file containing the password to encrypt the service key file.
130
131       -P, --cert-key-password-prompt
132              Prompt to enter a password for the service key file.
133
134       --client-file=STRING
135              Path where a client authentication certificate will be stored.
136
137       --client-mode=0644
138              File mode of the created certificate.
139
140       --client-key-file=STRING
141              Path where the client's private key will be stored.  (default is
142              the client-file)
143
144       --client-key-mode=0600
145              File mode of the created certificate key.
146
147       --client-key-password=STRING
148              Provide a password for the client key file.  Note that this will
149              be  visible  in  the  process  table for all users, so this flag
150              should be used for testing purposes only. Use  --client-keypass‐
151              file or --client-key-password-prompt for secure password entry.
152
153       --client-key-passfile=STRING
154              A file containing the password to encrypt the client key file.
155
156       --client-key-password-prompt
157              Prompt to enter a password for the client key file.
158
159       --dhparams-file=STRING
160              A  file to contain a set of generated Diffie-Hellman parameters.
161              If unspecified, no such file will be created.
162
163       --dhparams-prime-len=INT
164              The length of the prime number  to  generate  for  dhparams,  in
165              bits. (default: 2048)
166
167       --dhparams-generator={2,3,5}
168              The generator value for dhparams.  (default: 2)
169
170   Help options:
171       -?, --help
172              Show this help message
173
174       --usage
175              Display brief usage message
176
177
178
179sscg 2.6.2                        March 2021                           SSCG(8)
Impressum