


   SPX Version 2.2                                            createcertif(1)



   Name
     createcertif - SPX utility that generates an X.509 certificate
     stating that the issuer certifies the subject's public key

   Syntax
     createcertif [ -tx ] [ -v year ] [ -e days ] [ -s serial_number ]
                  [ -d prefix ] issuer subject

   Description
     The _c_r_e_a_t_e_c_e_r_t_i_f command is used to create public key certificates
     according to ISO Standard 9594-8 (also CCITT Standard X.509).  The cer-
     tificate is signed with the issuer's private key and encoded using the
     Basic Encoding Rules (ISO8825).  The result is written to a ASCII-
     encoded hex file.

     The issuer's private key file (issuer_privkey) and the subject's public
     key file (subject_pubkey) must exist in the current directory.
     Otherwise an error message will be displayed.

     Use createcertif when new principals are being added to the system,
     and when a principal decides to trust additional CAs.

     Certificates expire either in the number of days specified, one year
     from the current date, or December 31, 1992, whichever comes first.

     Names in certificates are normally hierarchically related.  The Issuer
     name is normally constructed subordinate to the domain prefix (obtained
     from the file /etc/cdc.conf) by appending the relative distinguished
     name (RDN) OU=issuer.  The Subject name is normally constructed by
     appending the RDN CN=subject to the Issuer name.  A cdc.conf file in the
     principal's home directory overrides the one in /etc.  Alternatively,
     the domain may be explicitly specified using the -d option.

     A trusted authority certificate reverses these Issuer and Subject names,
     and permits a principal to sign a certificate for the public key of its
     immediate superior in the naming hierarchy.  To create a "cross"
     certificate with arbitrary names, use the -x option.

   Options

     -v _v_e_r_s_i_o_n          Specifies the version number.  Recoginzed are _1_9_8_8
                         (the default) and _1_9_9_2 (includes UIDs from the key
                         files)

     -e _d_a_y_s             Expiration in days.  Defaults to 365.

     -d _d_o_m_a_i_n__p_r_e_f_i_x_n_a_m_e
                         Allows explicit domain name to be specified to over-
                         ride the local configuration file(s).

     -s _s_e_r_i_a_l__n_u_m       Serial number.  Defaults to 1.



   Digital Equipment Corporation                                            1








     -a                  Create an "auto certificate" where the issuer
                         certifies its own name and key.

     -V                  Verbose mode

     -i                  Uses indefinite constructed form for lengths in BER
                         encoded certificate

     -x                  Create a cross certificate.  Will prompt for issuer
                         and subject domains, unless the domain_prefixname is
                         specified.

     -t                  Create a trusted authority certificate.
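
     The -i option changes only how lengths are encoded: the indefinite
     form is valid BER but is not permitted in DER, so a strict DER parser
     rejects it.  The following is an added example, not SPX code, of a
     reader that accepts both forms; the hex layout and the sample bytes
     (a toy SEQUENCE, not a real certificate) are assumptions.

```python
def load_hex(text):
    """Decode an ASCII hex dump; whitespace tolerance is an assumption."""
    return bytes.fromhex("".join(text.split()))

def read_tlv(buf, pos=0):
    """Parse one BER element; return ((tag, indefinite, value), next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not handled here")
    pos += 2
    constructed = bool(tag & 0x20)
    if first == 0x80:                          # indefinite form (as with -i)
        if not constructed:
            raise ValueError("indefinite length on a primitive element")
        children = []
        while buf[pos:pos + 2] != b"\x00\x00":   # stop at end-of-contents
            child, pos = read_tlv(buf, pos)
            children.append(child)
        return (tag, True, children), pos + 2
    if first & 0x80:                           # definite, long form
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                      # definite, short form
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("length runs past end of input")
    if not constructed:
        return (tag, False, buf[pos:end]), end
    children = []
    while pos < end:
        child, pos = read_tlv(buf, pos)
        children.append(child)
    if pos != end:
        raise ValueError("child element overruns its parent")
    return (tag, False, children), end

def uses_indefinite(node):
    """True if any element in the tree used the indefinite length form."""
    _, indefinite, value = node
    return indefinite or (isinstance(value, list) and any(map(uses_indefinite, value)))

def shape(node):
    """Tree without length-form flags, for comparing the two encodings."""
    tag, _, value = node
    return (tag, [shape(c) for c in value] if isinstance(value, list) else value)

# Constructed samples: SEQUENCE { INTEGER 1, SEQUENCE { INTEGER 2 } }
DEFINITE = "30 08 02 01 01 30 03 02 01 02"
INDEFINITE = "30 80 02 01 01 30 80 02 01 02 00 00 00 00"
```

     Both samples decode to the same tree; only uses_indefinite() tells
     them apart, which is the check to apply before handing a certificate
     to a DER-only consumer.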

   Files

     _i_s_s_u_e_r_privkey, _s_u_b_j_e_c_t_pubkey, _i_s_s_u_e_r_certif__s_u_b_j_e_c_t, /etc/cdc.conf or
     ~/cdc.conf

   See Also

     spx(1), createkey(1), cdb_edit(8)

































