certified-ca(1)    Certified    certified-ca(1)

NAME

certified-ca - generate a CA

SYNOPSIS

certified-ca [--bits=bits] [--crl-url=crl-url] [--days=days] [--db=db] [--ocsp-url=ocsp-url] [--password=password] [--revoke] [--root-crl-url=root-crl-url] C=country [ST=state] L=locality [O=organization] CN=common-name

DESCRIPTION

Generate two private keys. The first self-signs to produce the root CA certificate and is then used to sign the second, producing the intermediate CA certificate. The root CA certificate should be installed on laptops and servers. The intermediate CA signs subsequent certificates and may itself be revoked if its private key is compromised.

db is an OpenSSL database that certified(1) uses to issue and revoke certificates.
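
The two-tier hierarchy described above, reproduced with plain openssl(1) commands as an added example (not certified's own code); the file names, subjects, extension sections and the extra leaf certificate are assumptions. It shows why only the root needs to be installed as a trust anchor: a leaf issued by the intermediate verifies against the root once the intermediate is supplied alongside it.

```shell
#!/bin/sh
# Added example, not certified's own code. File names, subjects and
# extension sections are assumptions. -nodes leaves these demo keys
# unencrypted; certified-ca itself accepts --password for the CA key.
write_config() {  # write_config DIR
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = replaced-by-subj
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
EOF
}
new_csr() {  # new_csr DIR NAME CN: fresh 2048-bit RSA key plus CSR
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$1/ca.cnf" \
        -subj "/C=US/L=Example City/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}
sign_csr() {  # sign_csr DIR NAME ISSUER EXTENSIONS
    openssl x509 -req -sha256 -days 3650 -in "$1/$2.csr" \
        -CA "$1/$3.crt" -CAkey "$1/$3.key" -CAcreateserial \
        -extfile "$1/ca.cnf" -extensions "$4" -out "$1/$2.crt" 2>/dev/null
}
build_chain() {  # build_chain DIR: root -> intermediate -> leaf
    write_config "$1" &&
    new_csr "$1" root "Example Root CA" &&
    openssl x509 -req -sha256 -days 3650 -in "$1/root.csr" \
        -signkey "$1/root.key" -extfile "$1/ca.cnf" -extensions v3_ca \
        -out "$1/root.crt" 2>/dev/null &&
    new_csr "$1" int "Example Intermediate CA" &&
    sign_csr "$1" int root v3_ca &&
    new_csr "$1" leaf "server.example.test" &&
    sign_csr "$1" leaf int v3_leaf
}
verify_leaf() {  # verify_leaf DIR [extra openssl-verify args]
    dir=$1; shift
    openssl verify -CAfile "$dir/root.crt" "$@" "$dir/leaf.crt" 2>/dev/null |
        grep -q 'OK$'
}
demo=$(mktemp -d) && build_chain "$demo" &&
    verify_leaf "$demo" -untrusted "$demo/int.crt" &&
    echo "leaf verifies against the root once the intermediate is supplied"
rm -rf "$demo"
```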

OPTIONS

--bits=bits
Bits to use for the private key (defaults to 2048).
--crl-url=crl-url
CRL distribution URL for the intermediate CA.
--days=days
Days until the certificate expires (defaults to 3650).
--db=db
OpenSSL database directory (defaults to etc/ssl).
--ocsp-url=ocsp-url
OCSP responder URL.
--password=password
Password for the CA private key.
--revoke
Revoke an intermediate CA certificate.
--root-crl-url=root-crl-url
CRL distribution URL for the root CA.
C=country
Certificate country.
ST=state
Certificate state.
L=locality
Certificate locality (usually a city).
O=organization
Certificate organization (usually a company).
CN=common-name
Certificate common name (usually a domain name or Company CA).
+dns, +ip
Add a DNS name or IP address to the certificate's subject alternative names.

THEME SONG

Led Zeppelin - "Fool in the Rain"

AUTHOR

Richard Crowley <r@rcrowley.org>

SEE ALSO

certified(1), certified-ls(1), certified-yaml(1)

certified-csr(1), certified-crt(1), certified-revoke(1)

openssl(1), ca(1), genrsa(1), req(1), x509(1)

https://github.com/rcrowley/certified/wiki

April 2014    certified-ca(1)