The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

skicert (1)
  • >> skicert (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  • 
    NAME
         skicert - retrieve, remove, and view a certificate
    
    SYNOPSIS
         skicert -F [-s | -v] [[-h [-L virtual_host]] | -k key_owner]
         [-p | [-B] cert_file]
    
         skicert [-G] [-p] [-s | -v] [[-h  [-L  virtual_host]]  |  -k
         key_owner]
    
         skicert -R -h [-L virtual_host] [-s | -v] [-e | -a authority
         -n number]
    
         skicert -R -k key_owner [-s | -v]  [-e  |  -a  authority  -n
         number]
    
         skicert -S [-p] [-s | -v] [ [-B] cert_file]
    
    AVAILABILITY
         SUNWski
    
    DESCRIPTION
         An X.509 certificate binds a public key value to  a  subject
         identity  (represented as an X.500 Distinguished Name (DN)).
         The binding is achieved by having  a  trusted  certification
         authority (CA) digitally sign the certificate.
    
         Certificates can be stored in any XFN  supported  repository
         such  as  NIS  or  NIS+,  in order to be made available to a
         large user community. The skicert utility allows  retrieval,
         removal,  and  viewing  of  certificates from the configured
         repository.
    
      Storing Certificate in File
         The skicert -F command retrieves the certificate(s) owned by
         key_owner  or the host (with -h option) from the naming ser-
         vice and stores them  in  cert_file.  If  cert_file  already
         exists, it is overwritten.  If no cert_file is provided, the
         retrieved certificates are printed to stdout.
    
         If the -p option is used,  the  retrieved  certificates  are
         displayed  one at a time, and for each certificate, the user
         is prompted for a filename in which to  store  the  certifi-
         cate.  If no filename is provided, the displayed certificate
         will not be stored. If the specified file already exists, it
         is overwritten.
    
         The key_owner can be specified  as  an  X.500  distinguished
         name  in  string  representation  or  as a UNIX username. If
         key_owner is not provided, it is  set  to  the  user's  UNIX
         username.
    
      Viewing Certificate from Naming Service
         The skicert -G command retrieves the certificate(s) owned by
         key_owner  from  the  configured  naming service and outputs
         them in a  user-friendly  format  to  stdout.  This  is  the
         default operation mode.
    
         The key_owner can be specified  as  an  X.500  distinguished
         name  in  string representation or as a UNIX username. If no
         key_owner is provided, it is set to the user's name.
    
         All certificates are printed out all at  once.   If  the  -p
         option  is  used,  the  certificates  are displayed one at a
         time.
    
      Removing a Certificate
         The skicert -R command  allows  a  system  administrator  to
         remove  one  or more host or user certificates from the con-
         figured name service, such as NIS or NIS+.
    
         If the -h option is used, one or more certificates belonging
         to  the  host are removed from the name service.  Otherwise,
         one or more certificates owned by key_owner are removed from
         the name service. The key_owner can be specified as an X.500
         distinguished name in string representation  or  as  a  UNIX
         username.
    
         If the -e option is specified, all certificates belonging to
         the  host  or  key_owner  are removed from the name service.
         Otherwise, the certificate identified by  a  combination  of
         authority and number is removed from the name service, where
         authority is  the  X.500  Distinguished  Name  in  printable
         representation  of  the issuing authority, and number is the
         serial number of  the  certificate  to  be  removed.  If  no
         authority  and number information is provided at the command
         line (and the -e option is not used), the system administra-
         tor  will  be prompted for this information. If no issuer is
         provided at the prompt, all certificates  belonging  to  the
         host or key_owner are removed from the name service.
    
         Note that this operation can only be run by the superuser.
    
      Viewing Certificate from File
         The skicert -S command reads the certificates from the  file
         specified  by cert_file and outputs the certificate contents
         in a user-friendly format to stdout.   If  no  cert_file  is
         given, the certificates are read from stdin.
    
         By default, this option expects a RFC1421 formatted certifi-
         cate.   Use the -B option if the cert_file contains a binary
         formatted certificate.  If the cert_file contains  a  binary
         formatted certificate, it should not contain the "-----BEGIN
         CERTIFICATE-----"    and     "-----END     CERTIFICATE-----"
         boundaries, and only one binary certificate is allowed.
    
         By default, all certificates are printed out  all  at  once.
         If the -p option is used, the certificates are displayed one
         at a time.
    
    OPTIONS
         skicert can be run in the following modes:
    
         -F      Retrieve one or more certificates from  the  config-
                 ured repository and output them to a file or stdout.
                 By default, each certificate is output in  printable
                 encoding  (as  defined by the Internet RFC1421 stan-
                 dard), and bounded at the beginning by:  "-----BEGIN
                 CERTIFICATE-----"  and  bounded at the end by "-----
                 END CERTIFICATE-----".  If the -B  option  is  used,
                 the certificate is output in a binary format without
                 boundaries.
    
         -G      View (display contents of) one or more  certificates
                 from  the configured repository. Each certificate is
                 output to stdout in a user-friendly format. This  is
                 the default operation mode.
    
         -R      Remove one or more certificates from the  configured
                 repository.
    
         -S      Read one or more certificates from the  file  speci-
                 fied  by  cert_file,  and output their contents in a
                 user-friendly format to stdout.  If no cert_file  is
                 provided,  the certificates are read from stdin.  By
                 default, each certificate in cert_file must be  pro-
                 vided in the printable encoding format as defined by
                 the Internet RFC1421 standard, and must  be  bounded
                 at  the  beginning by "-----BEGIN CERTIFICATE-----",
                 and bounded at the end by "-----END  CERTIFICATE----
                 -".   Each  of  the boundaries must be followed by a
                 NEWLINE.  Please refer to the example below.  If  -B
                 option  is  used, the cert_file must not include the
                 boundaries.
    
         The following options are supported for all modes:
    
         -s      Run application silently (no status or error  infor-
                 mation displayed).
    
         -v      Give verbose output. If  both  the  -v  and  the  -s
                 options are specified, the -v option is ignored.
    
         The following additional options apply only to  skicert  -F,
         skicert -G, and skicert -R:
    
         -h   Operate on a host certificate.  This option may not  be
              used in conjunction with the -k option.
    
         -L virtual_host
              Name or the dot separated IP  address  of  the  virtual
              host  on  whose  certificate to operate. This option is
              valid only with -h option.
    
         -k key_owner
              Identity of certificate owner.  This is an  X.500  dis-
              tinguished  name in string representation, for example,
              "cn=Alice Smith, ou=SunSoft, o=SUN, c=US",  or  a  UNIX
              username.  Defaults to the user's name. This option may
              not be used in conjunction with the -h option.
    
         The following additional options apply only to  skicert  -F,
         and skicert -S:
    
         -B cert_file
              The cert_file contains a binary formatted certificate.
    
         The following additional options apply only to  skicert  -F,
         skicert -G, and skicert -S:
    
         -p   Display (and store in the case of skicert -F) the  cer-
              tificates one at a time, rather than all at once (which
              is the default). In the case of skicert -F, this option
              may not be used in conjunction with cert_file.
    
         The following additional options apply only to skicert -R:
    
         -e   Remove all certificates belonging to host or key_owner.
              This  option may not be used in conjunction with the -a
              or -n options.
    
         -a authority
              Issuer for certificate to be removed.  This is an X.500
              distinguished   name  in  string  representation,  e.g.
              "cn=CA, ou=SunSoft, o=SUN, c=US". This option  must  be
              used in conjunction with the -n option, and must not be
              used in conjunction with the -e option.
    
         -n number
              Serial number  of  certificate  to  be  removed.   This
              option  must be used in conjunction with the -a option,
              and must not be used in conjunction with the -e option.
    
    EXAMPLES
         The command
    
              example% skicert -G -k  "cn=Alice Smith, ou=eng, o=SUN,
              c=US"
    
         allows a user to view the certificate(s)  belonging  to  the
         user  with  the distinguished name  "cn=Alice Smith, ou=eng,
         o=SUN, c=US".
    
         The command
    
              example% skicert -S certfile
    
         allows a user to view the certificates stored  in  the  file
         "certfile."  "certfile" should have the following format:
    
         -----BEGIN CERTIFICATE-----
         MIIBRDCB7wIEMe0zZzANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJVUzEMMAoG
         A1UEChQDU1VOMB4XDTk2MDcxNzE4MzkzNVoXDTk5MDcxNzE4MzkzNVowPTELMAkG
         A1UEBhMCVVMxDDAKBgNVBAoUA1NVTjEPMA0GA1UEDRQGZHVtbXkxMQ8wDQYDVQQD
         FAZkdW1teTEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAt9LgN5oT1WtlCJFXLmhc
         SY4kN7OcNkBYq9iT4R8K0uZIrgp9/hSe0DFgQaAZkIUjqB0YkeIFPmy6/K3bp0l9
         1QIDAQABMA0GCSqGSIb3DQEBBAUAA0EAdolKCynL2WjOxHmmsRbEg51dwB2u/ExM
         2ZMaZvLMXHX5VIsjxfLSCXu3iI/RdMIi5dGfZhrp2XBkg0gkii+Mkw==
         -----END CERTIFICATE-----
         -----BEGIN CERTIFICATE-----
         MIIBSjCB9QIEMe0zYTANBgkqhkiG9w0BAQQFADAbMQswCQYDVQQGEwJVUzEMMAoG
         A1UEChQDU1VOMB4XDTk2MDcxNzE4MzkyOVoXDTk5MDcxNzE4MzkyOVowQzELMAkG
         A1UEBhMCVVMxDDAKBgNVBAoUA1NVTjEQMA4GA1UEDRQHY2hhcmxpZTEUMBIGA1UE
         AxQLY2hhcmxpZSBsYWkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxQzeNvx72Dkp
         GI9r6hALR3nVBG13PA/2wKrsT25xQGoSp104klnVgRfp4mbeiHEIfKG7Q9Z0bOei
         luT4fG5EQQIDAQABMA0GCSqGSIb3DQEBBAUAA0EAUahDuBR5ONKIGvV4wvk2ZfVi
         ms2TwKEDhtAkdQe0B3xeZk7e1/h6iK8QrXz2VtSCXde4onRr84Afj8je5gAkoQ==
         -----END CERTIFICATE-----
    
         The command
    
              example% skicert -F -p  -k   "cn=Alice  Smith,  ou=eng,
              o=SUN, c=US"
    
         allows a user to view and store the certificate(s) belonging
         to  the  user  with the distinguished name  "cn=Alice Smith,
         ou=eng, o=SUN, c=US". For  each  returned  certificate,  the
         user  is  prompted for a filename where the certificate will
         be stored.
    
         The command
    
              example% skicert -R -e  -k   "cn=Alice  Smith,  ou=eng,
              o=SUN, c=US"
    
         allows a Certification Authority with  system  administrator
         privileges  to remove all certificates belonging to the user
         with the distinguished name  "cn=Alice Smith, ou=eng, o=SUN,
         c=US" from the configured repository.
    
    
    EXIT STATUS
         The skicert command exits with 0 if successful and 1  other-
         wise.
    
    NOTES
         The skicert -R command may only  be  executed  by  a  system
         administrator,  who has the appropriate privileges to update
         the underlying naming service from which the  certificate(s)
         are removed.
    
    
    
    


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру