1certtool(1) General Commands Manual certtool(1)
2
6 certtool - Manipulate certificates and keys.
7
9 certtool [options]
10
12 Generate X.509 certificates, certificate requests, and private keys.
13
15 Program control options
16 --copyright
17 Shows the program's license
18 -d, --debug LEVEL
20 Specify the debug level. Default is 1.
21 -h, --help
23 Shows this help text
24 -v, --version
26 Shows the program's version
27 Getting information
30 -i, --certificate-info
31 Print information on a certificate.
32 -k, --key-info
34 Print information on a private key.
35 -l, --crl-info
37 Print information on a CRL.
38 --p12-info
40 Print information on a PKCS #12 structure.
41 Generating/verifying certificates/keys
44 -c, --generate-certificate
45 Generate a signed certificate.
46 -e, --verify-chain
48 Verify a PEM encoded certificate chain. The last certificate in
49 the chain must be a self signed one.
50 --generate-dh-params
52 Generate PKCS #3 encoded Diffie Hellman parameters.
53 --load-ca-certificate FILE
55 Certificate authority's certificate file to use.
56 --load-ca-privkey FILE
58 Certificate authority's private key file to use.
59 --load-certificate FILE
61 Certificate file to use.
62 --load-privkey FILE
64 Private key file to use.
65 --load-request FILE
67 Certificate request file to use.
68 -p, --generate-privkey
70 Generate a private key.
71 -q, --generate-request
73 Generate a PKCS #10 certificate request.
74 -s, --generate-self-signed
76 Generate a self-signed certificate.
77 -u, --update-certificate
79 Update a signed certificate.
80 Controlling output
83 -8, --pkcs8
84 Use PKCS #8 format for private keys.
85 --dsa Generate a DSA key.
87 --bits BITS
89 Specify the number of bits for key generation.
90 --export-ciphers
92 Use weak encryption algorithms.
93 --inder
95 Use DER format for input certificates and private keys.
96 --infile FILE
98 Input file.
99 --outder
101 Use DER format for output certificates and private keys.
102 --outfile FILE
104 Output file.
105 --password PASSWORD
107 Password to use.
108 --to-p12
110 Generate a PKCS #12 structure.
111 --template
113 Use a template file to read input. See the doc/certtool.cfg in
114 the distribution, for an example.
115 --fix-key
117 Some previous versions of certtool generated wrongly the
118 optional parameters in a private key. This may affect programs
119 that used them. To fix an old private key use --key-info in com‐
120 bination with this parameter.
121
124 To create a private key, run:
125 $ certtool --generate-privkey --outfile key.pem
127 To create a certificate request, run:
129 $ certtool --generate-request --load-privkey key.pem \
131 --outfile request.pem
132 To generate a certificate using the previous request, use the command:
134 $ certtool --generate-certificate --load-request request.pem \
136 --outfile cert.pem --load-ca-certificate ca-cert.pem \
137 --load-ca-privkey ca-key.pem
138 To view the certificate information, use:
140 $ certtool --certificate-info --infile cert.pem
142 To generate a PKCS #12 structure using the previous key and certifi‐
144 cate, use the command:
145 $ certtool --load-certificate cert.pem --load-privkey key.pem \
147 --to-p12 --outder --outfile key.p12
148
151 Nikos Mavroyanopoulos <nmav@gnutls.org> and others; see
152 /usr/share/doc/gnutls-bin/AUTHORS for a complete list.
153 This manual page was written by Ivo Timmermans <ivo@debian.org>, for
155 the Debian GNU/Linux system (but may be used by others).
156 May 23rd 2005 certtool(1)