Provided by: mono-devel_4.2.1.102+dfsg2-7ubuntu4_all bug

NAME

       MakeCert - Create X.509 certificates for test purposes

SYNOPSIS

       makecert [options] certificate

DESCRIPTION

       Create  an  X.509  certificate using the provided informations. This is useful for testing
       Authenticode signatures, SSL and S/MIME technologies.

PARAMETERS

       -# num Specify the certificate serial number.

       -n dn  Specify the subject Distinguished Name (DN).

       -in dn Specify the issuer Distinguished Name (DN).

       -r     Create a self-signed, also called root, certificate.

       -iv pvkfile
              Specify the private key file  (.PVK)  for  the  issuer.  The  private  key  in  the
              specified file will be used to sign the new certificate.

       -ic certfile
              Extract  the  issuer's  name from the specified certificate file - i.e. the subject
              name of the specified certificate becomes the issuer name of the new certificate.

       -in name
              Use the issuer's name from the specified parameter.

       -ik container
              Specify the key container name to be used for the issuer.

       -iky [signature | exchange | #]
              Specify the key number to be used in the provider (when used with -ik).

       -ip provider
              Specify the cryptographic provider to be used for the issuer.

       -ir [localmachine | currentuser]
              Specify the provider will search the user or the machine keys  containers  for  the
              issuer.

       -iy number
              Specify the provider type to be used for the issuer.

       -sv pkvfile
              Specify  the  private  key  file (.PVK) for the subject. The public part of the key
              will be inserted into the created certificate. If non-existant the  specified  file
              will be created with a new key pair (default to 1024 bits RSA key pair).

       -sk container
              Specify the key container name to be used for the subject.

       -sky [signature | exchange | #]
              Specify the key number to be used in the provider (when used with -sk).

       -sp provider
              Specify the cryptographic provider to be used for the subject.

       -sr [localmachine | currentuser]
              Specify  the  provider  will search the user or the machine keys containers for the
              subject.

       -sy number
              Specify the provider type to be used for the issuer.

       -a hash
              Select hash algorithm. Only MD5 and SHA1 algorithms are supported.

       -b date
              The date since when the certificate is valid (notBefore).

       -e date
              The date until when the certificate is valid (notAfter).

       -m number
              Specify the certificate validity period in months. This is added to  the  notBefore
              validity date which can be set with -b or will default to the current date/time.

       -cy [authority|end]
              Basic  constraints.  Select  Authority  or  End-Entity  certificate. Only Authority
              certificates can be used to sign other certificates (-ic). End-Entity can  be  used
              by clients (e.g. Authenticode, S/MIME) or servers (e.g. SSL).

       -h number
              Add a path length restriction to the certificate chain. This is only applicable for
              certificates that have BasicConstraint set to Authority (-cy  authority).  This  is
              used to limit the chain of certificates than can be issued under this authority.

       -alt filename
              Add  a  subjectAltName extension to the certificate. Each line from 'filename' will
              be added as a DNS entry of the extension. This option is  useful  if  you  want  to
              create a single SSL certificate to work on several hosts that do not share a common
              domain name (i.e. CN=*.domain.com would not work).

       -eku oid[,oid]
              Add some extended key usage OID to the certificate.

       -p12 pkcs12file password
              Create a new PKCS#12  file  containing  both  the  certificates  (the  subject  and
              possibly  the issuer's) and the private key. The PKCS#12 file is protected with the
              specified password. This option is mono exclusive.

       -?     Help (display this help message)

       -!     Extended help (for advanced options)

EXAMPLES

       To create a SSL test (i.e. non trusted) certificate is easy once  your  know  your  host's
       name. The following command will create a test certificate for an SSL server:
            $ hostname
            pollux

            $ makecert -r -eku 1.3.6.1.5.5.7.3.1 -n "CN=pollux" -sv pollux.pvk pollux.cer
            Success

       In  particular  in  the  above example, the parameters used to build this test certificate
       were:

       -r     Create a self-signed certificate (i.e. without an hierarchy).

       -eku 1.3.6.1.5.5.7.3.1
              Optional (as sadly  most  client  don't  require  it).  This  indicates  that  your
              certificate is intended for server-side authentication.

       -n     Common  Name  (CN)  = Host name. This is verified the SSL client and must match the
              connected host (or else you'll get a warning or error or *gasp* nothing).

       -sv private.key
              The private key file. The key (1024  bits  RSA  key  pair)  will  be  automatically
              generated if the specified file isn't present.

       pollux.cer
              The SSL certificate to be created for your host.

KNOWN RESTRICTIONS

       Compared  to  the  Windows  version some options aren't supported (-$, -d, -l, -nscp, -is,
       -sc, -ss). Also PVK files with passwords aren't supported.

AUTHOR

       Written by Sebastien Pouliot

COPYRIGHT

       Copyright (C) 2003 Motus Technologies.  Copyright (C) 2004-2005  Novell.   Released  under
       BSD license.

MAILING LISTS

       Visit http://lists.ximian.com/mailman/listinfo/mono-devel-list for details.

WEB SITE

       Visit http://www.mono-project.com for details

SEE ALSO

       signcode(1)

                                                                                   Mono(MakeCert)