ssl-admin(1)		    General Commands Manual		  ssl-admin(1)

NAME
       ssl-admin - OpenSSL Certificate Manager

SYNOPSIS
       ssl-admin

DESCRIPTION
       ssl-admin is a menu-driven tool designed to simplify the management and
       distribution of SSL certificates.  ssl-admin was originally written to
       manage SSL certificates for use with OpenVPN.  This functionality has
       not been removed.

CORE FUNCTIONS
       There are a number of core operations within ssl-admin, often
       mutually exclusive of one another.  For example, you cannot generate a
       new CA certificate and generate a client certificate all at once.

       --new-ca
	      This command will	generate a new root certificate	and  key  pair
	      and  store  the  new files in work-dir.  If you add the optional
	      --clean argument,	you will wipe  out  the	 existing  certificate
	      store.

       --int-ca
              This command will generate an intermediate CA certificate which
              can be used for signing sub keys, etc.

       --client-cert, --ccert
	      This will	generate a client signing  request,  certificate,  and
	      key.

       --server-cert, --scert
	      This  will  generate  a client signing request, certificate, and
	      key, with	server extensions enabled.

       --dh, --diffie-hellman
	      Generates	the Diffie-Hellman prime.

       --revoke
	      Used to revoke a certificate in the store.

       --crl-list
	      This outputs a list of revoked certificates.

DIRECTORIES
       There are a number of directories within /usr/local/etc/ssl-admin/
       which contain the working and data files.

       ACTIVE (/usr/local/etc/ssl-admin/active)
	      The  active  directory  contains certificates that have not been
	      revoked. The only	keys that  are	REQUIRED  to  be  present  are
	      ca.crt and ca.key.

       CSR (/usr/local/etc/ssl-admin/csr)
	      The csr directory	contains certificate signing requests and keys
	      for  those keys which have been created using ssl-admin.	If you
	      need to sign a certificate signing request generated  elsewhere,
	      place  the  .csr	here.  The  key	 files	are not	required to be
	      present.

       PACKAGES	(/usr/local/etc/ssl-admin/packages)
	      The packages directory contains any zipped packages you've built
	      with ssl-admin.	Packages  are  generally  used	to  distribute
	      signed certificates to end users.

       PROG (/usr/local/etc/ssl-admin/prog)
              The prog directory contains all the data files used by
              ssl-admin.  DO NOT EDIT OR MODIFY THE FILES IN THIS DIRECTORY
              unless you know exactly what you are doing.  If you are running
              OpenVPN, you may point your OpenVPN crl-verify config option to
              /usr/local/etc/ssl-admin/prog/crl.pem.

       REVOKED (/usr/local/etc/ssl-admin/revoked)
	      The  revoked  directory contains certificates and	keys for those
	      certificates that	have been revoked within ssl-admin.
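
       The layout above can be checked with a short read-only script. This is
       an added example, not part of ssl-admin: the function name audit_store
       and the finding labels are made up here, and it assumes private keys
       carry a .key suffix like ca.key.

```sh
#!/bin/sh
# Added example: read-only audit of an ssl-admin store layout.
# Usage: audit_store [base-dir]; prints one line per finding and
# returns non-zero if there is any.
audit_store() {
    base=${1:-/usr/local/etc/ssl-admin}   # default path from DIRECTORIES
    findings=0

    # The five directories listed in DIRECTORIES.
    for d in active csr packages prog revoked; do
        if [ ! -d "$base/$d" ]; then
            echo "MISSING-DIR $base/$d"
            findings=$((findings + 1))
        fi
    done

    # ca.crt and ca.key are documented as required in active/;
    # prog/crl.pem is the file OpenVPN's crl-verify may point to.
    for f in active/ca.crt active/ca.key prog/crl.pem; do
        if [ ! -f "$base/$f" ]; then
            echo "MISSING-FILE $base/$f"
            findings=$((findings + 1))
        fi
    done

    # Assumption: private keys carry a .key suffix, like ca.key.
    # Flag any that group or other can read.
    for d in active csr revoked; do
        [ -d "$base/$d" ] || continue
        loose=$(find "$base/$d" -type f -name '*.key' \
            \( -perm -040 -o -perm -004 \) -print)
        if [ -n "$loose" ]; then
            echo "$loose" | sed 's/^/READABLE-KEY /'
            findings=$((findings + $(echo "$loose" | wc -l)))
        fi
    done

    [ "$findings" -eq 0 ]
}
```

       The revoked directory is included because it still holds private keys;
       a missing prog/crl.pem matters when OpenVPN's crl-verify points at it.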

MENU OPTIONS
       UPDATE RUN-TIME OPTIONS

       CREATE NEW CERTIFICATE REQUEST

       SIGN A CERTIFICATE REQUEST

       PERFORM A ONE-STEP REQUEST/SIGN

       REVOKE A	CERTIFICATE

       RENEW/RE-SIGN A PAST CERTIFICATE	REQUEST

       VIEW CURRENT CRL

       VIEW INDEX INFORMATION

       ZIP/PACKAGE END-USER FILES

       GENERATE	DIFFIE-HELLMAN

       CREATE SELF-SIGNED CA

       CREATE SIGNED SERVER CERTIFICATE

       QUIT SSL-ADMIN

NOTES
       This man	page needs to be completed.

BUGS
       OpenVPN client.ovpn error
              Making a new certificate produces an error that client.ovpn
              doesn't exist.

FILES
       /usr/local/etc/ssl-admin/ssl-admin.conf

SEE ALSO
       ssl-admin.conf(5), openssl(1)

AUTHOR
       Eric Crist <ecrist@secure-computing.net>

       v~~~VERSION~~~ $Id: ssl-admin.1 356 2014-06-25 02:59:57Z	ecrist $

								  ssl-admin(1)
