descriptionCreate various types of certificates
last changeMon, 30 Dec 2013 11:32:38 +0000
Content tags:

The CACreateCert certificate utility was developed in order to facilitate using X509 client certificates for authentication with a web server over the https protocol when all the user has uploaded to the server for identification is an OpenSSH RSA public key (e.g.

(In other words, the user pastes an OpenSSH RSA public key into a form on the web server and the web server responds with a client certificate that the user can then download and use together with the corresponding private key to authenticate to that web server.)

However, the CACreateCert utility has grown a number of additional options making it useful for creation of several other kinds of X509 certificates.

It may be helpful to first view the Example.html page to see how a full set of certificates and keys for a complete certificate chain may be generated (including individual user client authentication certificates). If more detail is needed on the veritable plethora of options available when running the CACreateCert utility, look at the output of the CACreateCert -h command.

A ConvertPubKey utility is also provided that can convert between OpenSSH and X.509 public key formats without using OpenSSH or OpenSSL.

This software is licensed under the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. See the included file LICENSE.txt or the web site

2013-12-30 Kyle J. McKayCACreateCert: fix typo in helpmaster
2013-12-01 Kyle J. McKayExamples.html: correct some wording
2013-09-10 Kyle J. McKayConvertPubKey: show DSA prime divisor bit size
2013-09-10 Kyle J. McKayRemove incorrect option aliases
2013-07-04 Kyle J. McKayCACreateCert: add support for --dnq to add a dnQualifier
2013-07-03 Kyle J. McKayCACreateCert: allow multiple --suffix options
2013-06-20 Kyle J. McKayConvertPubKey: Add hint comment to locate help
2013-06-11 Kyle J. McKayRemove some ConvertPubKey debugging code
2013-06-11 Kyle J. McKayNew ConvertPubKey utility
2013-06-11 Kyle J. McKayCACreateCert: Fix undefined infilename variable when...
2013-05-16 Kyle J. McKaySwitch from UTF-8 to ISO-8859-1 so it works with dumb...
2013-05-14 Kyle J. McKayAdd support for --suffix option
2013-05-11 Kyle J. McKayAdd support for --in and --out options
2013-05-10 Kyle J. McKayAdd a README.txt file
2013-05-10 Kyle J. McKayAdd an Examples.html page
2013-05-07 Kyle J. McKayPrefer /dev/urandom over /dev/random if it exists
13 months ago master