
CDSA$CERTGEN.EXE 



The certgen utility allows the user to create digital certificates in the form runfilename.cer. Private keys will be placed in [.CDSA.PKD]csp-name.PRI under the login directory of the current process.

This program generally is called by CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM.

SYNOPSIS 

certgen [runfilename]

OPTIONS 

runfilename This optional parameter specifies the name of the run file that contains the parameters that certgen needs to create a certificate. If no run file is specified, the default run file is certgen.run in the current directory.
A certgen run file contains the following items as appropriate, each on a separate line:
certtype location
 certtype can be one of the following:

-s Indicates a self-signed certificate.
-i Indicates a certificate signed by another certificate.
-v Indicates that the created certificate takes its subject and public key from a certificate issued by another vendor. You cannot use this option to create a self-signed certificate.
location Indicates where the issuer certificate is read from if -i or -v is specified.
filename If certtype is -s or -i, filename indicates the location of the XML template that contains the Subject Name that must go into this certificate. If certtype is -v, filename indicates the location of the Vendor Certificate.
algorithm Indicates the algorithm used to generate the key pair associated with the certificate being created. The specified algorithm must be supported by one of the Cryptographic Service Providers available in the local implementation of CDSA. The algorithm can be either DSA or RSA. This parameter is not valid if -v is specified for certtype.
keysize Specifies the logical key size (in bits) of the key pair being generated. Typical examples are 128, 256, 512, 1024, and so on. The specified key size must be supported by one of the Cryptographic Service Providers available in the local implementation of CDSA. This parameter is not valid if -v is specified for certtype.
cspguid The globally unique identifier of the Cryptographic Service Provider that is being used.
certfile The output file into which the created certificate is to be written.
subject_password
 The password used to protect a key pair if one is being generated. This parameter is not valid if -v is specified for certtype.
issuer_password
 The password used to unlock the private key required to sign the generated certificate. This parameter is not valid if -s is specified for certtype.
validity_period
 The validity period for the certificate. This parameter contains a start and end date for the validity period in the form YYMMDDHHMMSS YYMMDDHHMMSS. The validity period cannot extend beyond the year 2049. If validity_period is not specified, the validity period for the certificate lasts for exactly one year.

EXAMPLE 

$ certgen intmods.run
The following is an example of a run file (intmods.run) that creates a certificate named intmods.cer, which is signed by intmanf.cer and generates a 1024-bit DSA key pair.
-i intmanf.cer
intmods.xml
dsa
1024
{67ef50d0-fe74-11d2-a8e6-0090271d266f}
intmods.cer
intmods
intmanf
001013000000 101013000000
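
A pre-flight check for the run file format described above, written as an added Python example (it is not HP's code and not part of CDSA). It assumes that items marked "not valid" for a certtype are omitted from the file, that two-digit years 00-49 mean 20YY (the reading the 2049 limit suggests), and a 2048-bit minimum key size as a local policy threshold.

```python
from datetime import datetime

# Items after the first line, per certtype. Assumption: an item the page
# marks "not valid" for a certtype is left out of the run file.
COMMON = ["filename", "algorithm", "keysize", "cspguid", "certfile"]
FIELDS = {"-s": COMMON + ["subject_password"],
          "-i": COMMON + ["subject_password", "issuer_password"],
          "-v": ["filename", "cspguid", "certfile", "issuer_password"]}
MIN_KEY_BITS = 2048  # added policy threshold, not a value from the page
# The intmods.run example from the page, one item per line.
SAMPLE = ("-i intmanf.cer\nintmods.xml\ndsa\n1024\n"
          "{67ef50d0-fe74-11d2-a8e6-0090271d266f}\nintmods.cer\n"
          "intmods\nintmanf\n001013000000 101013000000\n")

def parse_time(stamp):
    # Assumption: two-digit years 00-49 mean 20YY and 50-99 mean 19YY.
    if len(stamp) != 12 or not stamp.isdigit():
        raise ValueError(f"bad timestamp: {stamp!r}")
    yy = int(stamp[:2])
    year = 2000 + yy if yy < 50 else 1900 + yy
    return datetime(year, *(int(stamp[i:i + 2]) for i in range(2, 12, 2)))

def parse_run_file(text):
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].split()[0] not in FIELDS:
        raise ValueError("first line must start with -s, -i or -v")
    certtype, *location = lines[0].split()
    names, body = FIELDS[certtype], lines[1:]
    if len(body) not in (len(names), len(names) + 1):
        raise ValueError(f"{certtype} takes {len(names)} items plus optional validity")
    rec = dict(zip(names, body), certtype=certtype, location=" ".join(location))
    if len(body) > len(names):  # the trailing validity_period line is optional
        rec["validity"] = tuple(parse_time(s) for s in body[-1].split())
    return rec

def lint(rec):
    findings = []
    if rec["certtype"] != "-s" and not rec["location"]:
        findings.append("issuer certificate location is required for -i and -v")
    if "algorithm" in rec and rec["algorithm"].upper() not in ("DSA", "RSA"):
        findings.append("algorithm must be DSA or RSA")
    if "keysize" in rec and int(rec["keysize"]) < MIN_KEY_BITS:
        findings.append(f"key size {rec['keysize']} is below {MIN_KEY_BITS} bits")
    validity = rec.get("validity")
    if validity and (len(validity) != 2 or validity[1] <= validity[0]):
        findings.append("validity_period must be 'start end' with start before end")
    return findings

if __name__ == "__main__":
    print(lint(parse_run_file(SAMPLE)))
```

Run against the intmods.run example, the only finding is the 1024-bit key size. Because the run file carries both passwords in clear text, the parsed record should not be logged or stored.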

 