GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
ssl-admin(1) FreeBSD General Commands Manual ssl-admin(1)

ssl-admin - OpenSSL Certificate Manager

ssl-admin

ssl-admin is a menu-driven tool designed to simplify the management and distriibution of SSL certificates. ssl-admin was originally written to manage SSL certificates for use with OpenVPN. This functionality has not been removed.

There are a number of core operations within ssl-admin, often times mutually exlusive of one another. For example, you cannot generate a new CA certificate and generate a client certificate all at once.

--new-ca
This command will generate a new root certificate and key pair and store the new files in work-dir. If you add the optional --clean argument, you will wipe out the existing certificate store.

--int-ca
This command will generate an intermediate CA certficate which can be used for signing sub keys, etc.

--client-cert, --ccert
This will generate a client signing request, certificate, and key.

--server-cert, --scert
This will generate a client signing request, certificate, and key, with server extensions enabled.

--dh, --diffie-hellman
Generates the Diffie-Hellman prime.

--revoke
Used to revoke a certificate in the store.

--crl-list
This outputs a list of revoked certificates.

There are a number of directories within /usr/local/etc/ssl-admin/ which contain the working and datafiles.
ACTIVE (/usr/local/etc/ssl-admin/active)
The active directory contains certificates that have not been revoked. The only keys that are REQUIRED to be present are ca.crt and ca.key.

CSR (/usr/local/etc/ssl-admin/csr)
The csr directory contains certificate signing requests and keys for those keys which have been created using ssl-admin. If you need to sign a certificate signing request generated elsewhere, place the .csr here. The key files are not required to be present.

PACKAGES (/usr/local/etc/ssl-admin/packages)
The packages directory contains any zipped packages you've built with ssl-admin. Packages are generally used to distribute signed certificates to end users.

PROG (/usr/local/etc/ssl-admin/prog)
The prog directory contains all the data files used by ssl-admin. DO NOT EDIT OR MODIFY THE FILES IN THIS DIRECTORY unless you know exactly what you are doing. If you are running OpenVPN, you may point your OpenVPN crl-verify config option to /usr/local/etc/ssl-admin/prog/crl.pem.

REVOKED (/usr/local/etc/ssl-admin/revoked)
The revoked directory contains certificates and keys for those certificates that have been revoked within ssl-admin.

UPDATE RUN-TIME OPTIONS
CREATE NEW CERTIFICATE REQUEST

SIGN A CERTIFICATE REQUEST

PERFORM A ONE-STEP REQUEST/SIGN

REVOKE A CERTIFICATE

RENEW/RE-SIGN A PAST CERTIFICATE REQUEST

VIEW CURRENT CRL

VIEW INDEX INFORMATION

ZIP/PACKAGE END-USER FILES

GENERATE DIFFIE-HELLMAN

CREATE SELF-SIGNED CA

CREATE SIGNED SERVER CERTIFICATE

QUIT SSL-ADMIN

This man page needs to be completed.

OpenVPN client.ovpn error
There is an error when making a new certificate that client.ovpn doesn't exist.

/usr/local/etc/ssl-admin/ssl-admin.conf

ssl-admin.conf(5), openssl(1)

Eric Crist <ecrist@secure-computing.net>

v~~~VERSION~~~ $Id: ssl-admin.1 356 2014-06-25 02:59:57Z ecrist $

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.