#!/bin/sh
##
##  x509-util.pod -- X.509 Certificate Generation Utility
##  Copyright (c) 2007-2014 Ralf S. Engelschall <rse@engelschall.com>
##
##  This program is free software; you can redistribute it and/or modify
##  it under the terms of the GNU General Public License as published by
##  the Free Software Foundation; either version 2 of the License, or
##  (at your option) any later version.
##
##  This program is distributed in the hope that it will be useful,
##  but WITHOUT ANY WARRANTY; without even the implied warranty of
##  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
##  General Public License for more details.
##
##  You should have received a copy of the GNU General Public License
##  along with this program; if not, write to the Free Software
##  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
##  USA, or contact Ralf S. Engelschall <rse@engelschall.com>.
##

=pod

=head1 NAME

B<x509-util> - B<X.509 Certificate Generation Utility>

=head1 DESCRIPTION

B<x509-util> is a small utility for conveniently generating a set of
related X.509 certifcates through the tools csp(1) and openssl(1). It is
I<NOT> intended for any production use in a Certificate Authority (CA)
context.

=head1 OPTIONS

=over 4

=item B<--prefix> (OpenPKG prefix)

The filesystem prefix of the OpenPKG instance where the
required tool shtool(1), csp(1) and openssl(1) can be found.
Default: @l_prefix@

=item B<--tag> (Short-hand tag)

A short-hand tag, mainly used as the prefix for all resulting files.
Default: "snakeoil"

=item B<--password> (Encryption Password)

The password for encrypting the private key files.
Default: "snakeoil"

=item B<--domain> (DNS Domain)

The DNS domain name of the organization.
Used in the Subject and Issuer fields of the certificates.
Default: "snakeoil.invalid"

=item B<--organization> (Organization Name)

The name of the organization.
Used in the Subject and Issuer fields of the certificates.
Default: "Snakeoil Corporation"

=item B<--lifetime> (Certificate Lifetime)

The number of days the certificates will be valid.
Default: "3650"

=item B<--num-server> (Number of Server Certificates)

The number of certificates generated for server use.
Default: "2"

=item B<--num-client> (Number of Client Certificates)

The number of certificates generated for client use.
Default: "4"

=item B<--num-object> (Number of Object Certificates)

The number of certificates generated for object signing use.
Default: "4"

=item B<--tmpdir> (Temporary Directory)

The temporary directory used during file generation.
Default: ${TMPDIR-/tmp}

=item B<--outdir> (Output Directory)

The output directory for all result files.
Default: current working directory.

=back

=head1 EXAMPLE

 x509-util \
     --prefix=/example/sw \
     --tag="example" \
     --password="example" \
     --domain="example.com" \
     --organization="Example Corporation" \
     --lifetime=3650 \
     --num-server=1 \
     --num-client=1 \
     --num-object=1

=head1 SEE ALSO

csp(1), openssl(1).

=head1 AUTHOR

Ralf S. Engelschall <rse@engelschall.com>

=cut