SSCG(8) - phpMan

SSCG(8)                 System Administration Utilities                SSCG(8)
NAME
       sscg - Tool for generating x.509 certificates
SYNOPSIS
       sscg [OPTION...]
DESCRIPTION
       -q, --quiet
              Display no output unless there is an error.
       -v, --verbose
              Display progress messages.
       -d, --debug
              Enable  logging  of  debug messages.  Implies verbose.  Warning!
              This will print private key information to the screen!
       -V, --version
              Display the version number and exit.
       -f, --force
              Overwrite any pre-existing files in the requested locations
       --lifetime=1-3650
              Certificate lifetime (days). (default: 398)
       --country=US, CZ, etc.
              Certificate DN: Country (C). (default: "US")
       --state=Massachusetts, British Columbia, etc.
              Certificate DN: State or Province (ST).
       --locality=Westford, Paris, etc.
              Certificate DN: Locality (L).
       --organization=My Company
              Certificate DN: Organization (O).  (default: "Unspecified")
       --organizational-unit=Engineering, etc.
              Certificate DN: Organizational Unit (OU).
       --email=myname AT example.com
              Certificate DN: Email Address (Email).
       --hostname=server.example.com
              The  valid  hostname  of  the  certificate.  Must  be  an  FQDN.
              (default: current system FQDN)
       --subject-alt-name alt.example.com
              Optional  additional  valid  hostnames  for  the certificate. In
              addition to hostnames, this option also accepts explicit  values
              supported by RFC 5280 such as IP:xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy
              May be specified multiple times.
       --package=STRING
              Unused. Retained for  compatibility  with  earlier  versions  of
              sscg.
       --key-strength=2048 or larger
              Strength  of  the  certificate  private keys in bits.  (default:
              2048)
       --hash-alg={sha256,sha384,sha512}
              Hashing algorithm to use for signing.  (default: "sha256")
       --cipher-alg={des-ede3-cbc,aes-256-cbc}
              Cipher   to   use   for   encrypting   key   files.    (default:
              "aes-256-cbc")
       --ca-file=STRING
              Path  where  the public CA certificate will be stored. (default:
              "./ca.crt")
       --ca-mode=0644
              File mode of the created CA certificate.
       --ca-key-file=STRING
              Path where the CA's private key will be stored. If  unspecified,
              the key will be destroyed rather than written to the disk.
       --ca-key-mode=0600
              File mode of the created CA key.
       --ca-key-password=STRING
              Provide  a  password for the CA key file. Note that this will be
              visible in the process table for all users, so it should be used
              for    testing    purposes   only.   Use   --ca-keypassfile   or
              --ca-key-password-prompt for secure password entry.
       --ca-key-passfile=STRING
              A file containing the password to encrypt the CA key file.
       -C, --ca-key-password-prompt
              Prompt to enter a password for the CA key file.
       --crl-file=STRING
              Path where an (empty) Certificate Revocation List file  will  be
              created,  for  applications that expect such a file to exist. If
              unspecified, no such file will be created.
       --crl-mode=0644
              File mode of the created Certificate Revocation List.
       --cert-file=STRING
              Path where  the  public  service  certificate  will  be  stored.
              (default "./service.pem")
       --cert-mode=0644
              File mode of the created certificate.
       --cert-key-file=STRING
              Path  where  the service's private key will be stored.  (default
              "service-key.pem")
       --cert-key-mode=0600
              File mode of the created certificate key.
       -p, --cert-key-password=STRING
              Provide a password for the service key  file.   Note  that  this
              will be visible in the process table for all users, so this flag
              should be used for testing purposes only. Use --cert-keypassfile
              or --cert-key-password-prompt for secure password entry.
       --cert-key-passfile=STRING
              A file containing the password to encrypt the service key file.
       -P, --cert-key-password-prompt
              Prompt to enter a password for the service key file.
       --client-file=STRING
              Path where a client authentication certificate will be stored.
       --client-mode=0644
              File mode of the created certificate.
       --client-key-file=STRING
              Path where the client's private key will be stored.  (default is
              the client-file)
       --client-key-mode=0600
              File mode of the created certificate key.
       --client-key-password=STRING
              Provide a password for the client key file.  Note that this will
              be  visible  in  the  process  table for all users, so this flag
              should be used for testing purposes only. Use  --client-keypass-
              file or --client-key-password-prompt for secure password entry.
       --client-key-passfile=STRING
              A file containing the password to encrypt the client key file.
       --client-key-password-prompt
              Prompt to enter a password for the client key file.
       --dhparams-file=STRING
              A  file to contain a set of Diffie-Hellman parameters. (Default:
              "./dhparams.pem")
       --dhparams-named-group=STRING
              Output well-known DH parameters. The available named groups are:
              ffdhe2048,    ffdhe3072,    ffdhe4096,   ffdhe6144,   ffdhe8192.
              (Default: "ffdhe4096")
       --dhparams-prime-len=INT
              The length of the prime number  to  generate  for  dhparams,  in
              bits.  If  set  to  non-zero,  the  parameters will be generated
              rather than using a well-known group. (default: 0)
       --dhparams-generator={2,3,5}
              The generator value for dhparams.  (default: 2)
   Help options:
       -?, --help
              Show this help message
       --usage
              Display brief usage message
sscg 3.0.0                        April 2023                           SSCG(8)