CDSA$CERTGEN.EXE

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP Open Source Security for OpenVMS Volume 1:...

CDSA Utility Programs

CDSA$ISSUER.EXE

CDSA$CERTGEN.EXE

The certgen utility allows the user to create digital certificates in the form runfilename.cer. Private keys will be placed in [.CDSA.PKD]csp-name.PRI under the login directory of the current process.

This program generally is called by CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM.

SYNOPSIS

certgen [runfilename]

OPTIONS

runfilename This optional parameter specifies the name of the run file that contains the parameters that certgen needs to create a certificate. If no run file is specified, the default run file is certgen.run in the current directory.

A certgen run file contains the following items as appropriate, each on a separate line:
certype location
certtype can be one of the following:

-s Indicates a self-signed certificate.

-i Indicates a certificate signed by another certificate.

-v Indicates that the created certificate takes its subject and public key from a certificate issued by another vendor. You cannot use this option to create a self-signed certificate.

location Indicates where the issuer certificate is read from if -i or -v is specified.

filename If certtype is -s or -i, filename indicates the location of the XML template that contains the Subject Name that must go into this certificate. If certtype is -v, filename indicates the location of the Vendor Certificate.

algorithm Indicates the algorithm used to generate the key pair associated with the certificate being created. The specified algorithm must be supported by one of the Cryptographic Service Providers available in the local implementation of CDSA. The algorithm can be either DSA or RSA. This parameter is not valid if -v is specified for certtype.

keysize Specifies the logical key size (in bits) of the key pair being generated. Typical examples are 128, 256, 512, 1024, and so on. The specified key size must be supported by one of the Cryptographic Service Providers available in the local implementation of CDSA. This parameter is not valid if -v is specified for certtype.

cspguid The globally unique identifier of the Cryptographic Service Provider that is being used.

certfile The output file into which the created certificate is to be written.

subject_password
The password used to protect a key pair if one is being generated. This parameter is not valid if -v is specified for certtype.

issuer_password
The password used to unlock the private key required to sign the generated certificate. This parameter is not valid if -s is specified for certtype.

validity_period
The validity period for the certificate. This parameter contains a start and end date for the validity period in the form YYMMDDHHMMSS YYMMDDHHMMSS. The validity period cannot extend beyond the year 2049. If validity_period is not specified, the validity period for the certificate lasts for exactly one year.

EXAMPLE

$ certgen intmods.run

The following is an example of a run file (intmods.run) that creates a certificate named intmods.cer, which is signed by intmanf.cer and generates a 1024-bit DSA key pair.

-i intmanf.cer
intmods.xml
dsa
1024
{67ef50d0-fe74-11d2-a8e6-0090271d266f}
intmods.cer
intmods
intmanf
001013000000 101013000000

CDSA$ISSUER.EXE