makecert(1) - Linux man page
Name
MakeCert - Create X.509 certificates for test purposesSynopsis
makecert [options] certificate
Description
Create an X.509 certificate using the provided informations. This is useful for testing Authenticode signatures, SSL and S/MIME technologies.Parameters
- -# num
- Specify the certificate serial number.
- -n dn
- Specify the subject Distinguished Name (DN).
- -in dn
- Specify the issuer Distinguished Name (DN).
- -r
- Create a self-signed, also called root, certificate.
- -iv pvkfile
- Specify the private key file (.PVK) for the issuer. The private key in the specified file will be used to sign the new certificate.
- -ic certfile
- Extract the issuer's name from the specified certificate file - i.e. the subject name of the specified certificate becomes the issuer name of the new certificate.
- -in name
- Use the issuer's name from the specified parameter.
- -ik container
- Specify the key container name to be used for the issuer.
- -iky [signature | exchange | #]
- Specify the key number to be used in the provider (when used with -ik).
- -ip provider
- Specify the cryptographic provider to be used for the issuer.
- -ir [localmachine | currentuser]
- Specify the provider will search the user or the machine keys containers for the issuer.
- -iy number
- Specify the provider type to be used for the issuer.
- -sv pkvfile
- Specify the private key file (.PVK) for the subject. The public part of the key will be inserted into the created certificate. If non-existant the specified file will be created with a new key pair (default to 1024 bits RSA key pair).
- -sk container
- Specify the key container name to be used for the subject.
- -sky [signature | exchange | #]
- Specify the key number to be used in the provider (when used with -sk).
- -sp provider
- Specify the cryptographic provider to be used for the subject.
- -sr [localmachine | currentuser]
- Specify the provider will search the user or the machine keys containers for the subject.
- -sy number
- Specify the provider type to be used for the issuer.
- -a hash
- Select hash algorithm. Only MD5 and SHA1 algorithms are supported.
- -b date
- The date since when the certificate is valid (notBefore).
- -e date
- The date until when the certificate is valid (notAfter).
- -m number
- Specify the certificate validity period in months. This is added to the notBefore validity date which can be set with -b or will default to the current date/time.
- -cy [authority|end]
- Basic constraints. Select Authority or End-Entity certificate. Only Authority certificates can be used to sign other certificates (-ic). End-Entity can be used by clients (e.g. Authenticode, S/MIME) or servers (e.g. SSL).
- -h number
- Add a path length restriction to the certificate chain. This is only applicable for certificates that have BasicConstraint set to Authority (-cy authority). This is used to limit the chain of certificates than can be issued under this authority.
- -eku oid[,oid]
- Add some extended key usage OID to the certificate.
- -?
- Help (display this help message)
- -!
- Extended help (for advanced options)
