.de URL \\$2 \(laURL: \\$1 \(ra\\$3 .. .if \n[.g] .mso www.tmac .TH @MANPAGE_NAME@ 1 2017-01-11 "@WINPR_VERSION_FULL@" "FreeRDP" .SH NAME @MANPAGE_NAME@ \- A tool to create X.509 certificates. .SH SYNOPSIS .B @MANPAGE_NAME@ [\fB-rdp\fP] [\fB-silent\fP] [\fB-live\fP] [\fB-format\fP { \fIcrt\fP | \fIpem\fP | \fIpfx\fP }] [\fB-p\fP password] [\fB-n\fP common_name] [\fB-y\fP years] [\fB-m\fP months] [\fB-len\fP length] [\fB-#\fP serial] [\fB-a\fP { \fImd5\fP | \fIsha1\fP | \fIsha256\fP | \fIs384\fP | \fIsha512\fP }] [\fB-path\fP outputpath] [outputname] .SH DESCRIPTION .B @MANPAGE_NAME@ is a tool for generating X.509 certificates modeled after the Windows command MakeCert. @MANPAGE_NAME@ aims to be command line compatible with MakeCert however not all options are supported or implemented yet. Unimplemented features are not described here. They are marked as "Unsupported" in @MANPAGE_NAME@s help. In contrast to it's Windows counterpart @MANPAGE_NAME@ does, unless the \fB\-live\fP option is given, always creates and save a certificate. If \fIoutputname\fP isn't set it is tried to determine the host name of the computer the command is run on. .br \fBWarning:\fP if the file already exists it will be overwritten without asking. Without further options the generated certificates have the following properties: * 2048 bit long .br * sha256 as hash algorithm .br * the detected host name is used as common name .br * a time stamp is used as serial number .br * validity period of one year .br * saved in the current working directory in crt format .SH OPTIONS .IP "-rdp" Dummy parameter. Can be used to quickly generate a certificate with default properties without specifying any further parameters. .IP "-silent" Don't print the generated certificate to stdout. .IP "-f format" Three formats are supported: crt, pem and pfx. .br \fIcrt\fP outputs the key and the certificate in a separate file each with the file endings .key and .crt. .br \fIpem\fP outputs the key and certificate into a single file with the file ending pem. .br And \fIpfx\fP outputs key and certificate into a pkcs12 file with the ending .pfx. .IP "-p password" Password to use if the pfx format is used as format. .IP "-live" Don't write the key/certificate to disk. When used from the command line this can be thought as "dummy" mode. .IP "-n common_name" The common name to use in the certificate. .IP "-m months" Validity period in months. .IP "-y years" Validity period in years. If months and years are specified the specified month parameter will take precedence. .IP "-len length" Key length in bits to use. .IP "-a { \fImd5\fP | \fIsha1\fP | \fIsha256\fP | \fIs384\fP | \fIsha512\fP }" The hashing algorithm to use. .IP "-# serial" The serial number to use for the certificate. .IP "-path" A directory where the certificate should be created in. .IP "outputname" The base name of the created file(s). A suffix, the format specific suffix is appended to this name. .SH EXAMPLES @MANPAGE_NAME@ -rdp Creates a certificate with the default properties, saved to a file in the current working directory in crt format named like the host. If the host is named freerdp the created files are called freerdp.key and freerdp.crt. @MANPAGE_NAME@ -len 4096 -a sha384 -path /tmp -# 22 -m 144 -y 1 -format crt mycert The command above creates the file /tmp/mycert.pem containing a key and a certificate with a length of 4096. It will use sha384 as hash algorithm. The certificate has the serial number 22 and is valid for 12 years (144 months). .SH EXIT STATUS .TP .B 0 Successful program execution. .TP .B 1 Otherwise. .SH SEE ALSO .URL "https://msdn.microsoft.com/library/windows/desktop/aa386968.aspx" "MakeCert help page" .SH AUTHOR FreeRDP