certauth

Description

Note: OpenSSL is distributed as a convenience in the Open Client Server (OCS) release. OpenSSL is documented at http://www.openssl.org.

Converts a server certificate request to a CA- (certificate authority) signed certificate. Located in $SYBASE/$SYBASE_OCS/bin.

Windows: The utility is certauth.exe, located in %SYBASE%\%SYBASE_OCS%\bin.

Syntax

certauth
	[-r]
	[-C caCert_file]
	[-Q request_filename]
	[-K caKey_filename]
	[-N serial_number]
	[-O SignedCert_filename]
	[-P caPassword]
	[-s start_time]
	[-T valid_time]

Or

certauth -v

Parameters

-r

when specified, creates a self-signed root certificate for the test environment.

-C caCert_file

when -r is specified, specifies the name of the CA’s certificate request file; otherwise, specifies the name of the CA’s root certificate.

-Q request_filename

specifies the name of the certificate request file.

-K caKey_filename

specifies the name of the CA’s private key.

-N serial_number

specifies the serial number in the signed certificate. If -N is not specified, certauth generates a pseudo-random serial number.

-O SignedCert_filename

specifies the name to use for the output when creating a signed certificate file. If -r is specified, SignedCert_filename is the self-signed root certificate. If the -r option is not used, SignedCert_filename is the certificate signed by the caCert_file.

-P caPassword

specifies the CA’s password that is used to decrypt its private key.

-s start_time

specifies the start of the valid time range, measured in days from the current time. The default is the current time.

-T valid_time

specifies the length of the valid time range for a signed certificate. The valid time range is in units of days.

-v

prints the version number and copyright message of the certauth tool, then exits.

Examples

Example 1

Converts the CA’s certificate request (ca_req.txt) to a certificate, using the private key (ca_pkey.txt). The private key is protected with a password (-P password). This example sets the valid time range to 365 days, self-signs the certificate, and outputs it as a root certificate (trusted.txt):

certauth -r -C ca_req.txt -Q ca_req.txt
    -K ca_pkey.txt -P password -T 365 -O trusted.txt

The utility returns this message:

-- Sybase Test Certificate Authority --
Certificate Validity:
    startDate = Tue Sep 5  10:34:43  2000
    endDate = Wed Sep 5  10:34:43  2001
CA sign certificate SUCCEED (0)

Note: You need to create a trusted root certificate for the test CA only once. After you have created the trusted root certificate, you can use it to sign many server certificates in your test environment.

Example 2

Converts a server certificate request (srv5_req.txt) to a certificate, and sets the valid time range to 180 days. It signs the certificate with a CA’s certificate and private key (trusted.txt and ca_pkey.txt), uses password protection, and outputs the signed certificate as sybase_srv5.crt:

certauth -C trusted.txt -Q srv5_req.txt 
    -K ca_pkey.txt -P password -T 180 -O sybase_srv5.crt

Note: If you do not set valid time, the default is 365 days.

The utility returns this message:

-- Sybase Test Certificate Authority --
Certificate Validity:
    startDate = Tue Sep  5 10:38:32  2000
    endDate = Sun Mar  4 09:38:32  2001
CA sign certificate SUCCEED (0)

The following is a sample certificate. See the certauth Usage section for additional steps to take to create a server certificate that the server can use.


Usage

The file, which is required for an SSL-based session, is used to start the SSL-enabled Adaptive Server.

After the CA’s root certificate is created, you can use it to sign multiple server certificates.
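
One way to audit a certificate after signing, as an added example that is not part of the Sybase documentation: the shell function below uses the openssl command-line tool to confirm that a signed certificate chains to the test CA's root and that its lifetime does not exceed a chosen limit. The function names, the lifetime-limit argument and the sample certificates (built with openssl rather than certauth, reusing the file names from Examples 1 and 2) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Sybase code). Function names and the MAX_DAYS policy
# argument are hypothetical; certificates are assumed to be PEM files.

# check_signed_cert CA_CERT SERVER_CERT MAX_DAYS
#   0 = chains to CA_CERT, valid now, and expires within MAX_DAYS
#   1 = signature or current-validity failure
#   2 = lifetime exceeds MAX_DAYS
check_signed_cert() {
    ca=$1 cert=$2 max_days=$3
    # openssl verify checks the CA signature and the validity window, so a
    # certificate with a future start (-s) or a past end date fails here.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"
        return 1
    fi
    # -checkend N exits 0 when the certificate is still valid N seconds from
    # now, which means it outlives the allowed lifetime.
    if openssl x509 -in "$cert" -noout -checkend $((max_days * 86400)) >/dev/null; then
        echo "FAIL: $cert is valid for more than $max_days days"
        return 2
    fi
    # Print the fields that correspond to -N, -C and -T for the audit record.
    openssl x509 -in "$cert" -noout -serial -issuer -enddate
}

# make_sample_certs DIR DAYS
# Constructed sample input: builds a throwaway root and a server certificate
# with openssl, standing in for the certauth output of Examples 1 and 2.
make_sample_certs() {
    dir=$1 days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Sample Test CA" \
        -keyout "$dir/ca_pkey.txt" -out "$dir/trusted.txt" -days 365 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=srv5" \
        -keyout "$dir/srv5_pkey.txt" -out "$dir/srv5_req.txt" 2>/dev/null &&
    openssl x509 -req -in "$dir/srv5_req.txt" -CA "$dir/trusted.txt" \
        -CAkey "$dir/ca_pkey.txt" -set_serial 1001 -days "$days" \
        -out "$dir/sybase_srv5.crt" 2>/dev/null
}
```

Run as `check_signed_cert trusted.txt sybase_srv5.crt 180` against the files from Example 2; a return code of 1 means the signature or current validity check failed, and 2 means the certificate outlives the limit.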

See also

Utilities certpk12, certreq