Name
certtool
Synopsis
certtool { v | d | D } filename [h] [v] [d]
certtool y [h] [v] [k=keychain [c [p=password]]]
certtool c [h] [v] [a] [k=keychain [c [p=password]]]
certtool { r | I } filename [h] [v] [d] [a] [k=keychain [c [p=password]]]
certtool i filename [h] [v] [d] [a] [k=keychain [c [p=password]]] [r=filename [f={ 1 | 8 | f }]]
Description
Manages X.509 SSL/TLS certificates. It uses the Common Data Security Architecture (CDSA) in much the same way that /System/Library/OpenSSL/misc/CA.pl uses OpenSSL to ease the process of managing certificates.
As arguments, it takes a single-letter command, often followed by a filename, and possibly some options.
Options/Usage
- a
When adding an item to a keychain, this option creates a key pair and includes a private key with a more restrictive ACL than usual. (The default behavior creates a private key with no additional access restrictions, while specifying this option adds a confirmation requirement to access the private key which only certtool is allowed to bypass.)
- c
As a command, walks you through a series of interactive prompts to create a certificate and a public/private key pair to sign and possibly encrypt it. The resulting certificate (in DER format) is stored in your default keychain. (Note that the first prompt, for a key and certificate label, is asking for two space-separated items. Common choices are an organization name for the key, and a label designating the purpose of the certificate.)
As an option, instructs certtool to ...