sourCEntral - mobile manpages

pdf

SHIB-KEYGEN

NAME

shib−keygen − Generate a key pair for a Shibboleth SP

SYNOPSIS

shib-keygen [−bf] [−e entity-id] [−h hostname]
[−y years]

DESCRIPTION

Generate a self-signed X.509 certificate for a Shibboleth SP . By default, the certificate will be for the local fully-qualified (as returned by "hostname −−fqdn") hostname. An entity ID can be specified with the −e flag. The openssl command-line client is used to generate the key pair. The public certificate will be created in /etc/shibboleth/sp−cert.pem and the private key in /etc/shibboleth/sp−key.pem.

OPTIONS

−b

Suppress all standard error output when creating the certificate. This option is normally only used by the package build.

−e entity-id

Add entity-id (which should be a URI ) as an alternative name for the certificate.

−f

Remove /etc/shibboleth/sp−cert.pem and /etc/shibboleth/sp−key.pem before generating a new certificate. Without this option, if those files already exist, shib-keygen prints an error and exits rather than overwriting them.

−h hostname

Specify the fully-qualified domain name for which to generate a certificate. If this option isn’t given, the hostname defaults to the result of "hostname −−fqdn".

−y years

The number of years for which the certificate should be valid. The default expiration time is ten years into the future.

FILES

/etc/shibboleth/sp−cert.cnf

The OpenSSL configuration file used for generating the self-signed certificate. This configuration file is generated when the script is run and deleted afterwards.

/etc/shibboelth/sp−cert.pem

The public certificate created by this script.

/etc/shibboleth/sp−key.pem

The private key for the certificate created by this script.

AUTHOR

This manual page was written by Russ Allbery for Debian GNU/Linux.

COPYRIGHT

Copyright 2008 Russ Allbery. This manual page is hereby placed into the public domain by its author.

pdf