Copyright Digital Equipment Corp. All rights reserved.

CDSA$CERTGEN.EXE

  The certgen utility allows the user to create digital 
  certificates in the form runfilename.cer.
  Private keys will be placed in [.CDSA.PKD]csp-name.PRI under  
  the login directory of the current process.

  This program is generally called by 
  CDSA_SYSDIR:[SIGN]CDSA$GEN_CERTS.COM.

SYNOPSIS

  certgen [runfilename] 

OPTIONS

  runfilename

  This optional parameter specifies the name of the run file that 
  contains the parameters that certgen needs to create a certificate.  
  If no run file is specified, the default run file is 
  certgen.run in the current directory.

  A certgen run file contains the following items, 
  as appropriate, each on a separate line: 

    certtype location
       certtype can be one of the following:
       -s Indicates a self-signed certificate.
       -i Indicates a certificate signed by another certificate.
       -v Indicates that the created certificate takes its subject and 
          public key from a certificate issued by another vendor. 
          You cannot use this option to create a self-signed certificate.
          
       location indicates where the issuer certificate is read 
       from if -i or -v is specified.

    filename
       If certtype is -s or -i, filename indicates the location of the 
       XML template that contains the Subject Name that must go into this 
       certificate. If certtype is -v, filename indicates the location of 
       the Vendor Certificate.

    algorithm
       Indicates the algorithm used to generate the key pair associated  
       with the certificate being created. Algorithm can be either DSA 
       or RSA. The specified algorithm must be supported by one of the 
       Cryptographic Service Providers available in the local 
       implementation of CDSA.  
       This parameter is not valid if -v is specified for certtype.

    keysize
       Specifies the logical key size (in bits) of the key pair being 
       generated. Typical examples are 128, 256, 512, 1024, and so on.  
       The specified key size must be supported by one of the 
       Cryptographic Service Providers available in the local 
       implementation of CDSA.
       This parameter is not valid if -v is specified for certtype.

    cspguid
       The globally unique identifier of the Cryptographic Service 
       Provider that is being used.

    certfile
       The output file into which the created certificate is to 
       be written.

    subject_password
       The password used to protect a key pair if one is being 
       generated. This parameter is not valid if -v is specified 
       for certtype.

    issuer_password
       The password used to unlock the private key required to 
       sign the generated certificate.  
       This parameter is not valid if -s is specified for certtype.

    validity_period
       The validity period for the certificate.  This parameter 
       contains a start and end date for the validity period in the 
       form YYMMDDHHMMSS YYMMDDHHMMSS.  
       The validity period cannot extend beyond the year 2049.  
       If validity_period is not specified, the validity period for 
       the certificate lasts for exactly one year. 
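
  A pre-flight check for the run-file rules listed above, as an added example (not part of certgen or of this help text). Assumptions: the items have already been read into a dict keyed by the item names used here, two-digit years pivot as in X.509 UTCTime (00-49 is 20YY, 50-99 is 19YY), -i and -v require a location, and the file names are placeholders.

```python
from datetime import datetime

# Items the help text marks "not valid" for each certtype.
NOT_VALID = {
    "-s": {"issuer_password"},
    "-i": set(),
    "-v": {"algorithm", "keysize", "subject_password"},
}

def parse_stamp(stamp):
    """Parse one YYMMDDHHMMSS value.
    Assumption: years pivot as in X.509 UTCTime (00-49 -> 20YY, 50-99 -> 19YY)."""
    if len(stamp) != 12 or not stamp.isdigit():
        raise ValueError(f"{stamp!r} is not YYMMDDHHMMSS")
    yy = int(stamp[:2])
    year = 2000 + yy if yy < 50 else 1900 + yy
    rest = [int(stamp[i:i + 2]) for i in range(2, 12, 2)]
    return datetime(year, *rest)  # raises ValueError on month 13, hour 25, ...

def check_validity_period(value):
    """Return (start, end) for a 'start end' validity_period value."""
    parts = value.split()
    if len(parts) != 2:
        raise ValueError("expected a start and an end date")
    start, end = parse_stamp(parts[0]), parse_stamp(parts[1])
    if end <= start:
        raise ValueError("end is not after start")
    return start, end

def lint_run_items(items):
    """items: dict of run-file item name -> value. Returns a list of problems."""
    certtype = items.get("certtype")
    if certtype not in NOT_VALID:
        return ["certtype must be -s, -i or -v"]
    problems = [f"{name} is not valid with certtype {certtype}"
                for name in sorted(NOT_VALID[certtype] & items.keys())]
    if certtype != "-s" and not items.get("location"):
        problems.append(f"certtype {certtype} needs the issuer certificate location")
    if certtype != "-v" and items.get("algorithm") not in ("DSA", "RSA"):
        problems.append("algorithm must be DSA or RSA")
    if "validity_period" in items:
        try:
            check_validity_period(items["validity_period"])
        except ValueError as err:
            problems.append(f"validity_period: {err}")
    return problems

# Constructed sample items (file names are placeholders, not from the page).
SAMPLE = {"certtype": "-i", "location": "issuer.cer", "filename": "subject.xml",
          "algorithm": "RSA", "keysize": "1024", "issuer_password": "example",
          "validity_period": "240101000000 500101000000"}
```

  Under the pivot assumption, the end date in SAMPLE (year written as 50) is read as 1950, not 2050, so lint_run_items(SAMPLE) reports that the end is not after the start.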

