Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   18016 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PKI --ACERT(1)			  strongSwan			PKI --ACERT(1)

NAME
       pki --acert - Issue an attribute certificate

SYNOPSIS
       pki --acert [--in file] [--group membership]
		   --issuerkey file|--issuerkeyid hex --issuercert file
		   [--lifetime hours] [--not-before datetime] [--not-
		   after datetime] [--serial hex] [--digest digest]
		   [--outform encoding] [--debug level]

       pki --acert --options file

       pki --acert -h | --help

DESCRIPTION
       This  sub-command  of  pki(1) is used to issue an attribute certificate
       using an issuer certificate with its private key and  the  holder  cer‐
       tificate.

OPTIONS
       -h, --help
	      Print usage information with a summary of the available options.

       -v, --debug level
	      Set debug level, default: 1.

       -+, --options file
	      Read command line options from file.

       -i, --in file
	      Holder certificate to issue an attribute certificate for. If not
	      given the certificate is read from STDIN.

       -m, --group membership
	      Group membership the attribute certificate  shall	 certify.  The
	      specified	 group	is  included  as a string. To include multiple
	      groups, the option can be repeated.

       -k, --issuerkey file
	      Issuer  private  key  file.  Either  this	 or  --issuerkeyid  is
	      required.

       -x, --issuerkeyid hex
	      Key  ID  of  a issuer private key on a smartcard. Either this or
	      --issuerkey is required.

       -c, --issuercert file
	      Issuer certificate file. Required.

       -l, --lifetime hours
	      Hours the attribute certificate is valid, default:  24.  Ignored
	      if both an absolute start and end time are given.

       -F, --not-before datetime
	      Absolute	time  when the validity of the AC begins. The datetime
	      format is defined by the --dateform option.

       -T, --not-after datetime
	      Absolute time when the validity of the  AC  ends.	 The  datetime
	      format is defined by the --dateform option.

       -D, --dateform form
	      strptime(3) format for the --not-before and --not-after options,
	      default: %d.%m.%y %T

       -s, --serial hex
	      Serial number in hex. It is randomly allocated by default.

       -g, --digest digest
	      Digest to use for signature creation. One of md5, sha1,  sha224,
	      sha256, sha384, or sha512. Defaults to sha1.

       -f, --outform encoding
	      Encoding of the created certificate file. Either der (ASN.1 DER)
	      or pem (Base64 PEM), defaults to der.

EXAMPLES
       To save repetitive typing, command line options can be stored in files.
       Lets assume acert.opt contains the following contents:

	 --issuercert aacert.der --issuerkey aakey.der --digest sha256 --lifetime 4

       Then  the  following command can be used to issue an attribute certifi‐
       cate based on a holder certificate and the options above:

	 pki --acert --options acert.opt --in holder.der --group sales --group finance -f pem

SEE ALSO
       pki(1)

5.1.3				  2014-02-05			PKI --ACERT(1)

Vote for polarhome