 |
Index for
Section 8 |
|
 |
Alphabetical
listing for I |
|
 |
Bottom of
page |
|
ipsec_certview(8)
NAME
ipsec_certview - Displays the contents of IPsec certificate files
SYNOPSIS
/usr/sbin/ipsec_certview [options] file [[options] file] ...
OPTIONS
-cert
Specifies a file that contains an X.509 public key certificate or
certificate request.
-crl
Specifies a file that contains an X.509 certificate revocation list.
-prv
Specifies a file that contains a private key.
-hexl
Specifies a file whose contents are in HEXL format. The default format
is binary (DER) encoding.
-pem
Specifies a file whose contents are in PEM format. The default format
is binary (DER) encoding.
-ldap
Prints X.500-style names in the order that would be used when fetching
the certificate from an LDAP server.
-base16
Displays large numbers (for example, key values) in base 16 notation.
-width n
Sets the output line width to n characters.
-h Displays a summary of the command options and exit.
DESCRIPTION
The ipsec_certview command displays the contents of files containing
public-key certificate information. This command and other related
certificate commands provided in this IPsec implementation are intended for
testing purposes only. They are not intended to provide a complete
public-key certificate infrastructure.
Each input file is read, and a formatted display of the certificate data is
written to standard output. Information displayed includes certificate
subject name, issuer, validity dates, key information, and extensions.
The type of certificate-related file is specified by the -cert, -crl, and
-prv options. If no file type is specified, the utility will attempt to
figure out the file type from the file contents.
If both the file type and encoding format are omitted, the utility assumes
binary encoding and tries to guess the file type. This might fail and
produce spurious error messages, particularly if the file is actually PEM
encoded.
RESTRICTIONS
The viewing of private key files associated with Digital Signature
Authority (DSA) certificates is not currently supported.
EXAMPLES
The following displays a PEM-encoded certificate file:
# ipsec_certview -pem -base16 test-root.pem
SSH X.509 v3 certificate and v2 crl viewer demo
Copyright (c) 1998-2000 SSH Communications Security, Ltd.
All rights reserved.
Reading file 'test-root.pem' for automatic.
Trying to decode the object...
assuming it is a certificate ... success.
Certificate =
SerialNumber = 0x84c
SubjectName =
IssuerName =
Certificate seems to be self-signed.
* Signature verification success.
Validity =
NotBefore = 2000 Jan 1st, 19:30:00 GMT
NotAfter = 2001 Jan 1st, 12:00:00 GMT
PublicKeyInfo =
Algorithm name (X.509) : dsaEncryption
SSH library default names
base type = dl-modp
signature algorithm = dsa-nist-sha1
Modulus p ( 768 bits) :
0x81a4c0494153974b5d8a6fcf24d7813b7ac6768b26a8b4d1cf53cc1067b5b57a0890644
edfaf2271b4afeca4d378f824624a001360846a16eba0fb1ade3b2f89273a5c9ca853b272
34e1db63ff4cc73a005855d897e46ecd4d8eb461f15125e5
Group order q ( 160 bits) : 0xe8747149d5276cdb992e1823810f246cb11626dd
Generator g ( 765 bits) :
0x1d1f76b7d98408345399d4330a333074f6ebb42042e67ee7abafc3ad3f58f2ef22b3b2e
08608b48bfc5ee732e1f54cc42ef2916ffb9fcc53f9bc36735918411bf5058a5fd1295c28
b085a9839197b23bd23db652dc14a240b772aef38f8f8ff5
Public key y ( 761 bits) :
0x18ee49d8d0f9ad1dd338cee2b993d59ab86a6ef661243f1458ce53e3b1eba7a9ca67890
30a2a1a08588d4b3cbaa19064dce04f5daaa7c747a5c3fe6e00d9f9ae284d2dd3a51e58ec
397d93b1b48b8e4dd2087ac893245d76fa0716037734b8a
Extensions =
Available = key usage, basic constraints(critical)
KeyUsage = DigitalSignature KeyCertSign
BasicConstraints =
PathLength = 0
cA = TRUE
[CRITICAL]
Finished successfully.
SEE ALSO
Commands: ipsec_certmake(8), ipsec_convert(8), ipsec_keypaircheck(8),
ipsec_keytool(8)
|
Index for
Section 8 |
|
|
Alphabetical
listing for I |
|
 |
Top of
page |
|