Name
certtool
Synopsis
certtool { v | d | D } filename [h] [v] [d]
certtool y [h] [v] [k=keychain [c [p=password]]]
certtool c [h] [v] [a] [k=keychain [c [p=password]]]
certtool { r | I } filename [h] [v] [d] [a] [k=keychain [c [p=password]]]
certtool i filename [h] [v] [d] [a] [k=keychain [c [p=password]]] [r=filename [f={ 1 | 8 | f }]]
Manages X.509 SSL/TLS certificates. It uses the Common Data Security Architecture (CDSA) in much the same way that /System/Library/OpenSSL/misc/CA.pl uses OpenSSL to ease the process of managing certificates.
As arguments, it takes a single-letter command, often followed by a filename, and possibly some options.
Options
- a
When adding an item to a keychain, create a key pair including a private key with a more restrictive ACL than usual. (The default behavior creates a private key with no additional access restrictions, while specifying this option adds a confirmation requirement to access the private key that only certtool is allowed to bypass.)
- c
As a command, walks you through a series of interactive prompts to create a certificate and a public/private key pair to sign and possibly encrypt it. The resulting certificate (in DER format) is stored in your default keychain.
Tip
The first prompt, for a key and certificate label, is asking for two space-separated items. Common choices are an organization name for the key and a label designating the purpose of the certificate.
As an option, instructs certtool to create a new keychain by the name given in the ...