vtl createCert

Name

vtl createCert

Syntax

vtl createCert -n <common name/server hostname> [-c <country code>] [-s <state>] [-l <locality>] [-o <organization name>] [-u <organization unit name>] [-e <e-mail address>] [-P <private key out filename>] [-C <certificate out filename>] [-d <certificate validity period>] [-v]

Description

Creates the client's certificate and private key that are used by NTLS. Re-creates the key and certificate if they already exist.

CAUTION!   If the key and certificate are re-created, the client must be removed from, and then re-registered with, each of the SafeNet servers with which it was registered.

NOTE   The server hostname (-n) is the only mandatory field for certificate creation. This is because all other fields of the certificate are used simply for display and visual confirmation purposes. The NTLA never displays certificate data fields to the user, so the content in these fields is irrelevant.

Options

-n <server hostname>  [mandatory] The hostname (or IP address) of the server to add.

-c <country>  [optional] The country in which the client computer resides. (Data not used.)

-s <state>  [optional] The state in which the client computer resides. (Data not used.)

-l <locality>  [optional] The city/locality in which the client computer resides. (Data not used.)

-o <organization>  [optional] The organization to which the client computer belongs, e.g. SafeNet-inc. (Data not used.)

-u <organizational unit>  [optional] The unit within the organization to which the client belongs, e.g. Engineering or IT. (Data not used.)

-e <e-mail>  [optional] An e-mail address for the certificate. (Data not used.)

-P <private key outfile name>  [optional - default filename is <hostname/ip>Key.pem] A filename for the private key to be created. Only use this switch if you have a need to override the default value.

-C <certificate outfile name>  [optional - default filename is <hostname/ip>.pem] A filename for the certificate to be created. Use this switch only if you have a need to override the default value.

-d <certificate validity period> [optional - default is 3650, or 10 years] Specifies the validity period for the client certificate, in days.

-v   [optional] Verbose mode. Output extra information while creating the certificate and private key.

Example

Windows
vtl createCert -n test 
Private Key created and written to: E:\temp\clientCerts\testKey.pem
Certificate created and written to: E:\temp\clientCerts\test.pem 
 
vtl createCert -n test -v
Using configuration from C:\Program Files\SafeNet\LunaClient\openssl.cnf
It needs to be at least 1024
Writing new private key to stdout E:\temp\clientCerts\testKey.pem'
CA [CA]:CA
Ontario [Ontario]:Ontario
Ottawa [Ottawa]:Ottawa
My company [My company]:My company
 []:
test [test]:test
 []:
Private Key created and written to: E:\temp\clientCerts\testKey.pem
Certificate created and written to: E:\temp\clientCerts\test.pem

UNIX
vtl createCert -n test 
Private Key created and written to: /usr/safenet/lunaclient/cert/client/testKey.pem
Certificate created and written to: /usr/safenet/lunaclient/cert/client/test.pem
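
A guard for the overwrite behaviour described in the CAUTION under Description, as an added example that is not part of the Luna client or of the original page: it refuses to run vtl createCert when the default-named key or certificate already exists unless FORCE=1 is set, and copies the old pair aside first. The function names, the FORCE variable and the CERT_DIR default (taken from the UNIX example output above) are assumptions.

```shell
#!/bin/sh
# Added example: overwrite guard around `vtl createCert` (not SafeNet code).
# CERT_DIR default is the directory shown in this page's UNIX example output;
# override it for other installs. FORCE and all function names are assumptions.
CERT_DIR="${CERT_DIR:-/usr/safenet/lunaclient/cert/client}"

# Default output names documented for -P and -C.
key_path()  { printf '%s/%sKey.pem\n' "$CERT_DIR" "$1"; }
cert_path() { printf '%s/%s.pem\n' "$CERT_DIR" "$1"; }

# Succeeds (0) if createCert -n "$1" would replace an existing key or certificate.
would_overwrite() {
    [ -e "$(key_path "$1")" ] || [ -e "$(cert_path "$1")" ]
}

# Copy an existing pair aside, preserving mode and ownership, before it is replaced.
backup_pair() {
    stamp=$(date +%Y%m%d%H%M%S)
    for f in "$(key_path "$1")" "$(cert_path "$1")"; do
        if [ -e "$f" ]; then cp -p "$f" "$f.$stamp.bak" || return 1; fi
    done
}

# Returns 0 on success, 2 when refused, 1 when creation failed or output is missing.
safe_create() {
    name=$1
    if would_overwrite "$name"; then
        if [ "${FORCE:-0}" != 1 ]; then
            echo "refusing: key/cert for '$name' exists in $CERT_DIR;" \
                 "re-creating it means re-registering on every server" >&2
            return 2
        fi
        backup_pair "$name" || return 1
    fi
    vtl createCert -n "$name" || return 1
    # Both files must exist and be non-empty afterwards.
    [ -s "$(key_path "$name")" ] && [ -s "$(cert_path "$name")" ]
}
```

Source the file and call safe_create <hostname>; set FORCE=1 only when re-registration with every server is planned.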