unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OpenBSD-3.6)
Page:
Section:
Apropos / Subsearch:
optional field

CERTPATCH(8)            OpenBSD System Manager's Manual           CERTPATCH(8)

NAME
     certpatch - add subjectAltName identities to X.509 certificates

SYNOPSIS
     certpatch [-t identity-type] -i identity -k signing-key input-certificate
               output-certificate

DESCRIPTION
     certpatch alters PEM-encoded X.509 certificates by adding a subjectAlt-
     Name extension containing an identity used by the signature-based authen-
     tication schemes of the ISAKMP protocol.  After the addition the certifi-
     cate will be signed once again with the supplied CA signing key.

     The options are as follows:

     -t identity-type
             If given, the -t option specifies the type of the given identity.
             Currently ip, fqdn, and ufqdn are recognized.  The default is ip.

     -i identity
             The -i option takes an argument which is the identity to put into
             the subjectAltName field of the certificate.  If the identity-
             type is ip, this argument should be an IPv4 address in dotted
             decimal notation.

     -k signing-key
             The -k option specifies the key used for signing the certificate
             once the subjectAltName extension has been added.  The key is
             specified by the filename where it is stored in PEM format.

SEE ALSO
     isakmpd(8), ssl(8)

OpenBSD 3.6                      July 18, 1999                               1