descriptionCreate various types of certificates
last changeSun, 3 Dec 2017 23:57:43 +0000 (3 15:57 -0800)
content tags

The CACreateCert certificate utility was developed in order to facilitate using X509 client certificates for authentication with a web server over the https protocol when all the user has uploaded to the server for identification is an OpenSSH RSA public key (e.g.

(In other words, the user pastes an OpenSSH RSA public key into a form on the web server and the web server responds with a client certificate that the user can then download and use together with the corresponding private key to authenticate to that web server.)

However, the CACreateCert utility has grown a number of additional options making it useful for creation of several other kinds of X509 certificates.

It may be helpful to first view the Example.html page to see how a full set of certificates and keys for a complete certificate chain may be generated (including individual user client authentication certificates). If more detail is needed on the veritable plethora of options available when running the CACreateCert utility, look at the output of the CACreateCert -h command.

A ConvertPubKey utility is also provided that can convert between OpenSSH and X.509 public key formats without using OpenSSH or OpenSSL.

This software is licensed under the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. See the included file LICENSE.txt or the web site

2017-12-03 Kyle J. McKayCACreateCert: support --request and --utf8master
2017-11-28 Kyle J. McKayCACreateCert: allow use of --randome with non-root...
2017-05-30 Kyle J. McKayCACreateCert: update, clarify and enhance text
2017-05-30 Kyle J. McKayCACreateCert: calm the whirlpool a bit
2017-05-30 Kyle J. McKayCACreateCert: correct wording about self-signed combo...
2017-05-16 Kyle J. McKayCACreateCert: remove "OfIncorporation" from EV subject...
2017-01-09 Kyle J. McKayCACreateCert: mention openssl -x509toreq in TIPS
2017-01-06 Kyle J. McKayCACreateCert: improve features for use with --email
2016-10-27 Kyle J. McKayConvertPubKey: tolerate any $PATH location for perl
2016-04-28 Kyle J. McKayCACreateCert: support LibreSSL's openssl command
2015-02-10 Kyle J. McKayREADME: add some headings and .md alias
2015-02-10 Kyle J. McKayCACreateCert: let --dni serial=# relocate the random...
2015-02-10 Kyle J. McKayCACreateCert: Acme Certificate Co.
2015-02-10 Kyle J. McKayCACreateCert: add support for including arbitrary disti...
2015-02-05 Kyle J. McKayCACreateCert: various minor cleanups and elucidations
2014-11-30 Kyle J. McKayCACreateCert: add some additional explanatory comments
10 months ago master