Name
certtool
Synopsis
certtool { v | d | D } filename [h] [v] [d]
certtool y [h] [v] [k=keychain [c [p=password]]]
certtool c [h] [v] [a] [k=keychain [c [p=password]]]
certtool { r | I } filename [h] [v] [d] [a] [k=keychain [c [p=password]]]
certtool i filename [h] [v] [d] [a] [k=keychain [c [p=password]]] [r=filename
[f={ 1 | 8 | f }]]Manages X.509 SSL/TLS certificates. It uses the Common Data Security
Architecture (CDSA) in much the same way that
/System/Library/OpenSSL/misc/CA.pl uses OpenSSL
to ease the process of managing certificates.
As arguments it takes a single-letter command, often followed by a filename, and possibly some options.
Options
-
a When adding an item to a keychain, create a key pair including a private key with a more restrictive ACL than usual. (The default behavior creates a private key with no additional access restrictions, while specifying this option adds a confirmation requirement to access the private key which only
certtoolis allowed to bypass.)-
c As a command, walks you through a series of interactive prompts to create a certificate and a public/private key pair to sign and possibly encrypt it. The resulting certificate (in DER format) is stored in your default keychain. (Note that the first prompt, for a
keyandcertificatelabel, is asking for two space-separated items. Common choices are an organization name for the key and a label designating the purpose of the certificate.)As an option, instructs
certtoolto create a new keychain by the name given ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access