SHIB-KEYGEN(8)
NAME
shib-keygen - Generate a key pair for a Shibboleth SP
SYNOPSIS
shib-keygen [-bf] [-e entity-id] [-h hostname] [-y years]
DESCRIPTION
Generate a self-signed X.509 certificate for a Shibboleth SP. By
default, the certificate will be for the local fully-qualified (as
returned by "hostname --fqdn") hostname. An entity ID can be specified
with the -e flag. The openssl command-line client is used to generate
the key pair. The public certificate will be created in
/etc/shibboleth/sp-cert.pem and the private key in
/etc/shibboleth/sp-key.pem.
OPTIONS
- -b Suppress all standard error output when creating the certificate.
- This option is normally only used by the package build.
- -e entity-id
- Add entity-id (which should be a URI) as an alternative name for the certificate.
- -f Remove /etc/shibboleth/sp-cert.pem and /etc/shibboleth/sp-key.pem
- before generating a new certificate. Without this option, if those files already exist, shib-keygen prints an error and exits rather than overwriting them.
- -h hostname
- Specify the fully-qualified domain name for which to generate a
certificate. If this option isn't given, the hostname defaults to the result of "hostname --fqdn". - -y years
- The number of years for which the certificate should be valid. The default expiration time is ten years into the future.
FILES
- /etc/shibboleth/sp-cert.cnf
- The OpenSSL configuration file used for generating the self-signed certificate. This configuration file is generated when the script is run and deleted afterwards.
- /etc/shibboelth/sp-cert.pem
- The public certificate created by this script.
- /etc/shibboleth/sp-key.pem
- The private key for the certificate created by this script.
AUTHOR
This manual page was written by Russ Allbery for Debian GNU/Linux.
COPYRIGHT
- Copyright 2008 Russ Allbery. This manual page is hereby placed into
the public domain by its author.