fix PKGNAME that broke download from GitHub

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: fix PKGNAME that broke download from GitHub
From: Frédéric Fauberteau <frederic%fauberteau.org@localhost>
Date: Wed, 12 Apr 2017 08:30:06 +0000
Module Name:	pkgsrc-wip
Committed By:	Frédéric Fauberteau <frederic%fauberteau.org@localhost>
Pushed By:	frederic
Date:		Wed Apr 12 10:30:06 2017 +0200
Changeset:	a32bb3367b8eba09e910e7546f61354878d0ed12

Modified Files:
	Makefile
Added Files:
	easy-rsa/DESCR
	easy-rsa/Makefile
	easy-rsa/PLIST
	easy-rsa/distinfo
	easy-rsa/files/easyrsa.1
Removed Files:
	easyrsa/DESCR
	easyrsa/Makefile
	easyrsa/PLIST
	easyrsa/distinfo
	easyrsa/files/easyrsa.1

Log Message:
fix PKGNAME that broke download from GitHub

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=a32bb3367b8eba09e910e7546f61354878d0ed12

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 Makefile                 |   2 +-
 easy-rsa/DESCR           |   3 +
 easy-rsa/Makefile        |  44 ++++++++
 easy-rsa/PLIST           |  20 ++++
 easy-rsa/distinfo        |   6 ++
 easy-rsa/files/easyrsa.1 | 273 +++++++++++++++++++++++++++++++++++++++++++++++
 easyrsa/DESCR            |   3 -
 easyrsa/Makefile         |  44 --------
 easyrsa/PLIST            |  20 ----
 easyrsa/distinfo         |   6 --
 easyrsa/files/easyrsa.1  | 273 -----------------------------------------------
 11 files changed, 347 insertions(+), 347 deletions(-)

diffs:
diff --git a/Makefile b/Makefile
index f937daa363..b740a1627f 100644
--- a/Makefile
+++ b/Makefile
@@ -606,7 +606,7 @@ SUBDIR+=	e2fsprogs
 SUBDIR+=	e3
 SUBDIR+=	e_dbus
 SUBDIR+=	easymesh
-SUBDIR+=	easyrsa
+SUBDIR+=	easy-rsa
 SUBDIR+=	eboard-extras
 SUBDIR+=	ecasound
 SUBDIR+=	ecb
diff --git a/easy-rsa/DESCR b/easy-rsa/DESCR
new file mode 100644
index 0000000000..fc9a7fb7fe
--- /dev/null
+++ b/easy-rsa/DESCR
@@ -0,0 +1,3 @@
+This is a small RSA key management package, based on the openssl command line
+tool, that can be found in the easy-rsa subdirectory of the OpenVPN
+distribution.
diff --git a/easy-rsa/Makefile b/easy-rsa/Makefile
new file mode 100644
index 0000000000..af34de9ecd
--- /dev/null
+++ b/easy-rsa/Makefile
@@ -0,0 +1,44 @@
+# $NetBSD$
+
+DISTNAME=		easy-rsa-3.0.1
+#PKGNAME=		${DISTNAME:S/-//1}
+CATEGORIES=		security
+MASTER_SITES=		${MASTER_SITE_GITHUB:=OpenVPN/}
+
+MAINTAINER=		pkgsrc-users%NetBSD.org@localhost
+HOMEPAGE=		https://github.com/OpenVPN/easy-rsa
+COMMENT=		Small RSA key management based on openssl command
+LICENSE=		gnu-gpl-v2
+
+EASYRSA_DOC_FILES=	COPYING ChangeLog KNOWN_ISSUES README README.quickstart.md
+EASYRSA_CNF_FILES=	openssl-1.0.cnf vars.example x509-types/COMMON x509-types/ca \
+			x509-types/client x509-types/server
+
+INSTALLATION_DIRS+=	${BINDIR} ${DOCDIR} ${EGDIR} ${PKGMANDIR}/man1
+BINDIR=			${PREFIX}/bin
+DOCDIR=			${PREFIX}/share/doc/easyrsa
+EGDIR=			${PREFIX}/share/examples/easyrsa
+PKG_SYSCONFSUBDIR=	easyrsa
+OWN_DIRS=		${PKG_SYSCONFDIR}/x509-types
+.for f in ${EASYRSA_CNF_FILES}
+REQD_FILES+=		${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
+.endfor
+
+NO_BUILD=		yes
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/easyrsa3/easyrsa ${DESTDIR}${BINDIR}/easyrsa
+	${INSTALL_MAN} ${FILESDIR}/easyrsa.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
+
+	${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}/x509-types
+.for f in ${EASYRSA_CNF_FILES}
+	${INSTALL_DATA} ${WRKSRC}/easyrsa3/${f} ${DESTDIR}${EGDIR}/${f}
+.endfor
+
+.for f in ${EASYRSA_DOC_FILES}
+	${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${DOCDIR}
+.endfor
+	${INSTALL_DATA} ${WRKSRC}/doc/* ${DESTDIR}${DOCDIR}
+
+.include "../../security/openssl/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/easy-rsa/PLIST b/easy-rsa/PLIST
new file mode 100644
index 0000000000..1ecc235f53
--- /dev/null
+++ b/easy-rsa/PLIST
@@ -0,0 +1,20 @@
+@comment $NetBSD$
+bin/easyrsa
+man/man1/easyrsa.1
+share/doc/easyrsa/COPYING
+share/doc/easyrsa/ChangeLog
+share/doc/easyrsa/EasyRSA-Advanced.md
+share/doc/easyrsa/EasyRSA-Readme.md
+share/doc/easyrsa/EasyRSA-Upgrade-Notes.md
+share/doc/easyrsa/Hacking.md
+share/doc/easyrsa/Intro-To-PKI.md
+share/doc/easyrsa/KNOWN_ISSUES
+share/doc/easyrsa/README
+share/doc/easyrsa/README.quickstart.md
+share/doc/easyrsa/TODO
+share/examples/easyrsa/openssl-1.0.cnf
+share/examples/easyrsa/vars.example
+share/examples/easyrsa/x509-types/COMMON
+share/examples/easyrsa/x509-types/ca
+share/examples/easyrsa/x509-types/client
+share/examples/easyrsa/x509-types/server
diff --git a/easy-rsa/distinfo b/easy-rsa/distinfo
new file mode 100644
index 0000000000..18d3f2213e
--- /dev/null
+++ b/easy-rsa/distinfo
@@ -0,0 +1,6 @@
+$NetBSD$
+
+SHA1 (easy-rsa-3.0.1.tar.gz) = 51c84141362eecfe83f4e6a11692ffbfab2ee3ba
+RMD160 (easy-rsa-3.0.1.tar.gz) = 366aab3dd216bee449532d5d1391135e6e1ab712
+SHA512 (easy-rsa-3.0.1.tar.gz) = 818e757041a035c2983951a688b111cb2e869f6e34830248f3643049257dd48ec58021b16afbac007d19838cc10eee9226500bcd0ed023de308bb8a210a9840c
+Size (easy-rsa-3.0.1.tar.gz) = 44242 bytes
diff --git a/easy-rsa/files/easyrsa.1 b/easy-rsa/files/easyrsa.1
new file mode 100644
index 0000000000..b63dc2ffbc
--- /dev/null
+++ b/easy-rsa/files/easyrsa.1
@@ -0,0 +1,273 @@
+.\" -*- nroff -*-
+.\"
+.Dd
+.Dt EASYRSA 1
+.Os
+.Sh NAME
+.Nm easyrsa
+.Nd manage RSA key
+.Sh SYNOPSIS
+.Nm easyrsa
+.Bk
+.Op Ar options
+.Oc Ar COMMAND
+.Op Ar command-options
+.Ek
+.Sh DESCRIPTION
+.Nm
+manages RSA key using
+.Xr openssl 1
+command line tool.
+.Pp
+The following options may be provided before the command. Options specified at
+runtime override env-vars and any 'vars' file in use. Unless noted, non-empty
+values to options are mandatory.
+.Ss GENERAL OPTIONS
+.Bl -tag
+.It Fl \&\-batch
+Set automatic (no-prompts when possible) mode.
+.Sm off
+.It Fl \&\-pki\-dir= Ar DIR
+.Sm on
+Declares the PKI directory.
+.Sm off
+.It Fl \&\-vars= Ar FILE
+.Sm on
+Define a specific 'vars' file to use for Easy-RSA config
+.El
+.Ss CERTIFICATE & REQUEST OPTIONS
+These options impact cert/req field values.
+.Bl -tag
+.Sm off
+.It Fl \&\-days= Ar #
+.Sm on
+Sets the signing validity to the specified number of days.
+.Sm off
+.It Fl \&\-digest= Ar ALG
+.Sm on
+Digest to use in the requests & certificates.
+.Sm off
+.It Fl \&\-dn\-mode= Ar MODE
+.Sm on
+DN mode to use (cn_only or org).
+.Sm off
+.It Fl \&\-keysize= Ar #
+.Sm on
+Size in bits of keypair to generate.
+.Sm off
+.It Fl \&\-req-cn= Ar NAME
+.Sm on
+Default CN to use.
+.Sm off
+.It Fl \&\-subca\-len= Ar #
+.Sm on
+Path length of signed sub-CA certs; must be >= 0 if used.
+.Sm off
+.It Fl \&\-subject\-alt\-name= Ar SAN_FORMAT_STRING
+.Sm on
+This global option adds a subjectAltName to the request or issued certificate.
+It MUST be in a valid format accepted by
+.Xr openssl 1
+or req/cert generation will fail. Note that including multiple such names
+requires them to be comma-separated; further invocations of this option will
+REPLACE the value.
+.Pp
+Examples of the
+.Ar SAN_FORMAT_STRING
+shown below:
+.Bl -tag -compact
+.It DNS:alternate.example.net
+.It DNS:primary.example.net,DNS:alternate.example.net
+.It IP:203.0.113.29
+.It email:alternate%example.net@localhost
+.El
+.Sm off
+.It Fl \&\-use\-algo= Ar ALG
+.Sm on
+Crypto alg to use: choose rsa (default) or ec.
+.Sm off
+.It Fl \&\-curve= Ar NAME
+.Sm on
+For elliptic curve, sets the named curve to use.
+.El
+.Ss ORGANIZATIONAL DN OPTIONS
+These options can only be used with the 'org' DN mode. The values may be blank.
+.Bl -tag
+.Sm off
+.It Fl \&\-req\-c= Ar CC
+.Sm on
+Country code (2-letters).
+.Sm off
+.It Fl \&\-req\-st= Ar NAME
+.Sm on
+State/Province.
+.Sm off
+.It Fl \&\-req\-city= Ar NAME
+.Sm on
+City/Locality.
+.Sm off
+.It Fl \&\-req\-org= Ar NAME
+.Sm on
+Organization.
+.Sm off
+.It Fl \&\-req\-email= Ar NAME
+.Sm on
+Email addresses.
+.Sm off
+.It Fl \&\-req\-ou= Ar NAME
+.Sm on
+Organizational Unit.
+.El
+.Ss DEPRECATED FEATURES
+.Bl -tag
+.Sm off
+.It Fl \&\-ns\-cert= Ar YESNO
+.Sm on
+Yes or no to including deprecated NS extensions.
+.Sm off
+.It Fl \&\-ns\-comment= Ar COMMENT
+.Sm on
+NS comment to include (value may be blank).
+.El
+.Ss COMMAND SUMMARY
+.Bl -tag
+.It Cm init-pki
+Removes & re-initializes the PKI dir for a clean PKI.
+.It Cm build-ca Op Ar cmd-opts
+Creates a new CA.
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm nopass
+do not encrypt the CA key (default is encrypted).
+.It Cm subca
+create a sub-CA keypair and request (default is a root CA).
+.El
+.It Cm gen-dh
+Generates DH (Diffie-Hellman) parameters.
+.It Cm gen-req Ar filename_base Op Ar cmd-opts
+Generate a standalone keypair and request (CSR).
+.Pp
+This request is suitable for sending to a remote CA for signing.
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm nopass
+do not encrypt the private key (default is encrypted).
+.El
+.It Cm sign-req Ar type Ar filename_base
+Sign a certificate request of the defined type.
+.Ar type
+must be a known type such as 'client', 'server', or 'ca' (or a user-added type).
+.Pp
+This request file must exist in the reqs/ dir and have a .req file extension. See
+.Cm import-req
+below for importing reqs from other sources.
+.It Cm build-client-full Ar filename_base Op Ar cmd-opts
+Generate a keypair and sign locally for a client.
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm nopass
+do not encrypt the private key (default is encrypted).
+.El
+.It Cm build-server-full Ar filename_base Op Ar cmd-opts
+Generate a keypair and sign locally for a server.
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm nopass
+do not encrypt the private key (default is encrypted).
+.El
+.It Cm revoke Ar filename_base
+Revoke a certificate specified by the
+.Ar filename_base .
+.It Cm gen-crl
+Generate a CRL.
+.It Cm update-db
+Update the index.txt database.
+.Pp
+This command will use the system time to update the status of issued certificates.
+.It Cm show-req Ar filename_base Op Ar cmd-opts
+ Shows details of the req referenced by
+.Ar filename_base .
+.Pp
+Human-readable output is shown, including any requested cert options when showing a request.
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm full
+show full req info, including pubkey/sig data.
+.El
+.It Cm show-cert Ar filename_base Op Ar cmd-opts
+ Shows details of the cert referenced by
+.Ar filename_base .
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm full
+show full cert info, including pubkey/sig data.
+.El
+.It Cm import-req Ar request_file_path Ar short_basename
+Import a certificate request from a file.
+.Pp
+This will copy the specified file into the reqs/ dir in preparation for signing. The.
+.Ar short_basename
+is the filename base to create.
+.Pp
+Example usage: import-req /some/where/bob_request.req bob
+.It Cm export-p7 Ar filename_base Op Ar cmd-opts
+Export a PKCS#7 file with the pubkey specified by
+.Ar filename_base .
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm noca
+do not include the ca.crt file in the PKCS7 output.
+.El
+.It Cm export-p12 Ar filename_base Op Ar cmd-opts
+Export a PKCS#12 file with the keypair specified by
+.Ar filename_base .
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm noca
+do not include the ca.crt file in the PKCS12 output.
+.It Cm nokey
+do not include the private key in the PKCS12 output
+.El
+.It Cm set-rsa-pass Ar filename_base Op Ar cmd-opts
+Set a new passphrase on an RSA key for the listed
+.Ar filename_base .
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm nopass
+use no password and leave the key unencrypted.
+.It Cm file
+(advanced) treat the file as a raw path, not a short-name.
+.El
+.It Cm set-ec-pass Ar filename_base Op Ar cmd-opts
+Set a new passphrase on an EC key for the listed
+.Ar filename_base .
+.Pp
+.Ar cmd-opts
+is an optional set of command options from this list:
+.Bl -tag -compact
+.It Cm nopass
+use no password and leave the key unencrypted.
+.It Cm file
+(advanced) treat the file as a raw path, not a short-name.
+.El
+.El
+.Sh SEE ALSO
+.Xr openssl 1
diff --git a/easyrsa/DESCR b/easyrsa/DESCR
deleted file mode 100644
index fc9a7fb7fe..0000000000
--- a/easyrsa/DESCR
+++ /dev/null
@@ -1,3 +0,0 @@
-This is a small RSA key management package, based on the openssl command line
-tool, that can be found in the easy-rsa subdirectory of the OpenVPN
-distribution.
diff --git a/easyrsa/Makefile b/easyrsa/Makefile
deleted file mode 100644
index ff71fd58f6..0000000000
--- a/easyrsa/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $NetBSD$
-
-DISTNAME=		easy-rsa-3.0.1
-PKGNAME=		${DISTNAME:S/-//1}
-CATEGORIES=		security
-MASTER_SITES=		${MASTER_SITE_GITHUB:=OpenVPN/}
-
-MAINTAINER=		pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE=		https://github.com/OpenVPN/easy-rsa
-COMMENT=		Small RSA key management based on openssl command
-LICENSE=		gnu-gpl-v2
-
-EASYRSA_DOC_FILES=	COPYING ChangeLog KNOWN_ISSUES README README.quickstart.md
-EASYRSA_CNF_FILES=	openssl-1.0.cnf vars.example x509-types/COMMON x509-types/ca \
-			x509-types/client x509-types/server
-
-INSTALLATION_DIRS+=	${BINDIR} ${DOCDIR} ${EGDIR} ${PKGMANDIR}/man1
-BINDIR=			${PREFIX}/bin
-DOCDIR=			${PREFIX}/share/doc/easyrsa
-EGDIR=			${PREFIX}/share/examples/easyrsa
-PKG_SYSCONFSUBDIR=	easyrsa
-OWN_DIRS=		${PKG_SYSCONFDIR}/x509-types
-.for f in ${EASYRSA_CNF_FILES}
-REQD_FILES+=		${EGDIR}/${f} ${PKG_SYSCONFDIR}/${f}
-.endfor
-
-NO_BUILD=		yes
-
-do-install:
-	${INSTALL_SCRIPT} ${WRKSRC}/easyrsa3/easyrsa ${DESTDIR}${BINDIR}/easyrsa
-	${INSTALL_MAN} ${FILESDIR}/easyrsa.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
-
-	${INSTALL_DATA_DIR} ${DESTDIR}${EGDIR}/x509-types
-.for f in ${EASYRSA_CNF_FILES}
-	${INSTALL_DATA} ${WRKSRC}/easyrsa3/${f} ${DESTDIR}${EGDIR}/${f}
-.endfor
-
-.for f in ${EASYRSA_DOC_FILES}
-	${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${DOCDIR}
-.endfor
-	${INSTALL_DATA} ${WRKSRC}/doc/* ${DESTDIR}${DOCDIR}
-
-.include "../../security/openssl/buildlink3.mk"
-.include "../../mk/bsd.pkg.mk"
diff --git a/easyrsa/PLIST b/easyrsa/PLIST
deleted file mode 100644
index 1ecc235f53..0000000000
--- a/easyrsa/PLIST
+++ /dev/null
@@ -1,20 +0,0 @@
-@comment $NetBSD$
-bin/easyrsa
-man/man1/easyrsa.1
-share/doc/easyrsa/COPYING
-share/doc/easyrsa/ChangeLog
-share/doc/easyrsa/EasyRSA-Advanced.md
-share/doc/easyrsa/EasyRSA-Readme.md
-share/doc/easyrsa/EasyRSA-Upgrade-Notes.md
-share/doc/easyrsa/Hacking.md
-share/doc/easyrsa/Intro-To-PKI.md
-share/doc/easyrsa/KNOWN_ISSUES
-share/doc/easyrsa/README
-share/doc/easyrsa/README.quickstart.md
-share/doc/easyrsa/TODO
-share/examples/easyrsa/openssl-1.0.cnf
-share/examples/easyrsa/vars.example
-share/examples/easyrsa/x509-types/COMMON
-share/examples/easyrsa/x509-types/ca
-share/examples/easyrsa/x509-types/client
-share/examples/easyrsa/x509-types/server
diff --git a/easyrsa/distinfo b/easyrsa/distinfo
deleted file mode 100644
index 18d3f2213e..0000000000
--- a/easyrsa/distinfo
+++ /dev/null
@@ -1,6 +0,0 @@
-$NetBSD$
-
-SHA1 (easy-rsa-3.0.1.tar.gz) = 51c84141362eecfe83f4e6a11692ffbfab2ee3ba
-RMD160 (easy-rsa-3.0.1.tar.gz) = 366aab3dd216bee449532d5d1391135e6e1ab712
-SHA512 (easy-rsa-3.0.1.tar.gz) = 818e757041a035c2983951a688b111cb2e869f6e34830248f3643049257dd48ec58021b16afbac007d19838cc10eee9226500bcd0ed023de308bb8a210a9840c
-Size (easy-rsa-3.0.1.tar.gz) = 44242 bytes
diff --git a/easyrsa/files/easyrsa.1 b/easyrsa/files/easyrsa.1
deleted file mode 100644
index b63dc2ffbc..0000000000
--- a/easyrsa/files/easyrsa.1
+++ /dev/null
@@ -1,273 +0,0 @@
-.\" -*- nroff -*-
-.\"
-.Dd
-.Dt EASYRSA 1
-.Os
-.Sh NAME
-.Nm easyrsa
-.Nd manage RSA key
-.Sh SYNOPSIS
-.Nm easyrsa
-.Bk
-.Op Ar options
-.Oc Ar COMMAND
-.Op Ar command-options
-.Ek
-.Sh DESCRIPTION
-.Nm
-manages RSA key using
-.Xr openssl 1
-command line tool.
-.Pp
-The following options may be provided before the command. Options specified at
-runtime override env-vars and any 'vars' file in use. Unless noted, non-empty
-values to options are mandatory.
-.Ss GENERAL OPTIONS
-.Bl -tag
-.It Fl \&\-batch
-Set automatic (no-prompts when possible) mode.
-.Sm off
-.It Fl \&\-pki\-dir= Ar DIR
-.Sm on
-Declares the PKI directory.
-.Sm off
-.It Fl \&\-vars= Ar FILE
-.Sm on
-Define a specific 'vars' file to use for Easy-RSA config
-.El
-.Ss CERTIFICATE & REQUEST OPTIONS
-These options impact cert/req field values.
-.Bl -tag
-.Sm off
-.It Fl \&\-days= Ar #
-.Sm on
-Sets the signing validity to the specified number of days.
-.Sm off
-.It Fl \&\-digest= Ar ALG
-.Sm on
-Digest to use in the requests & certificates.
-.Sm off
-.It Fl \&\-dn\-mode= Ar MODE
-.Sm on
-DN mode to use (cn_only or org).
-.Sm off
-.It Fl \&\-keysize= Ar #
-.Sm on
-Size in bits of keypair to generate.
-.Sm off
-.It Fl \&\-req-cn= Ar NAME
-.Sm on
-Default CN to use.
-.Sm off
-.It Fl \&\-subca\-len= Ar #
-.Sm on
-Path length of signed sub-CA certs; must be >= 0 if used.
-.Sm off
-.It Fl \&\-subject\-alt\-name= Ar SAN_FORMAT_STRING
-.Sm on
-This global option adds a subjectAltName to the request or issued certificate.
-It MUST be in a valid format accepted by
-.Xr openssl 1
-or req/cert generation will fail. Note that including multiple such names
-requires them to be comma-separated; further invocations of this option will
-REPLACE the value.
-.Pp
-Examples of the
-.Ar SAN_FORMAT_STRING
-shown below:
-.Bl -tag -compact
-.It DNS:alternate.example.net
-.It DNS:primary.example.net,DNS:alternate.example.net
-.It IP:203.0.113.29
-.It email:alternate%example.net@localhost
-.El
-.Sm off
-.It Fl \&\-use\-algo= Ar ALG
-.Sm on
-Crypto alg to use: choose rsa (default) or ec.
-.Sm off
-.It Fl \&\-curve= Ar NAME
-.Sm on
-For elliptic curve, sets the named curve to use.
-.El
-.Ss ORGANIZATIONAL DN OPTIONS
-These options can only be used with the 'org' DN mode. The values may be blank.
-.Bl -tag
-.Sm off
-.It Fl \&\-req\-c= Ar CC
-.Sm on
-Country code (2-letters).
-.Sm off
-.It Fl \&\-req\-st= Ar NAME
-.Sm on
-State/Province.
-.Sm off
-.It Fl \&\-req\-city= Ar NAME
-.Sm on
-City/Locality.
-.Sm off
-.It Fl \&\-req\-org= Ar NAME
-.Sm on
-Organization.
-.Sm off
-.It Fl \&\-req\-email= Ar NAME
-.Sm on
-Email addresses.
-.Sm off
-.It Fl \&\-req\-ou= Ar NAME
-.Sm on
-Organizational Unit.
-.El
-.Ss DEPRECATED FEATURES
-.Bl -tag
-.Sm off
-.It Fl \&\-ns\-cert= Ar YESNO
-.Sm on
-Yes or no to including deprecated NS extensions.
-.Sm off
-.It Fl \&\-ns\-comment= Ar COMMENT
-.Sm on
-NS comment to include (value may be blank).
-.El
-.Ss COMMAND SUMMARY
-.Bl -tag
-.It Cm init-pki
-Removes & re-initializes the PKI dir for a clean PKI.
-.It Cm build-ca Op Ar cmd-opts
-Creates a new CA.
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm nopass
-do not encrypt the CA key (default is encrypted).
-.It Cm subca
-create a sub-CA keypair and request (default is a root CA).
-.El
-.It Cm gen-dh
-Generates DH (Diffie-Hellman) parameters.
-.It Cm gen-req Ar filename_base Op Ar cmd-opts
-Generate a standalone keypair and request (CSR).
-.Pp
-This request is suitable for sending to a remote CA for signing.
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm nopass
-do not encrypt the private key (default is encrypted).
-.El
-.It Cm sign-req Ar type Ar filename_base
-Sign a certificate request of the defined type.
-.Ar type
-must be a known type such as 'client', 'server', or 'ca' (or a user-added type).
-.Pp
-This request file must exist in the reqs/ dir and have a .req file extension. See
-.Cm import-req
-below for importing reqs from other sources.
-.It Cm build-client-full Ar filename_base Op Ar cmd-opts
-Generate a keypair and sign locally for a client.
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm nopass
-do not encrypt the private key (default is encrypted).
-.El
-.It Cm build-server-full Ar filename_base Op Ar cmd-opts
-Generate a keypair and sign locally for a server.
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm nopass
-do not encrypt the private key (default is encrypted).
-.El
-.It Cm revoke Ar filename_base
-Revoke a certificate specified by the
-.Ar filename_base .
-.It Cm gen-crl
-Generate a CRL.
-.It Cm update-db
-Update the index.txt database.
-.Pp
-This command will use the system time to update the status of issued certificates.
-.It Cm show-req Ar filename_base Op Ar cmd-opts
- Shows details of the req referenced by
-.Ar filename_base .
-.Pp
-Human-readable output is shown, including any requested cert options when showing a request.
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm full
-show full req info, including pubkey/sig data.
-.El
-.It Cm show-cert Ar filename_base Op Ar cmd-opts
- Shows details of the cert referenced by
-.Ar filename_base .
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm full
-show full cert info, including pubkey/sig data.
-.El
-.It Cm import-req Ar request_file_path Ar short_basename
-Import a certificate request from a file.
-.Pp
-This will copy the specified file into the reqs/ dir in preparation for signing. The.
-.Ar short_basename
-is the filename base to create.
-.Pp
-Example usage: import-req /some/where/bob_request.req bob
-.It Cm export-p7 Ar filename_base Op Ar cmd-opts
-Export a PKCS#7 file with the pubkey specified by
-.Ar filename_base .
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm noca
-do not include the ca.crt file in the PKCS7 output.
-.El
-.It Cm export-p12 Ar filename_base Op Ar cmd-opts
-Export a PKCS#12 file with the keypair specified by
-.Ar filename_base .
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm noca
-do not include the ca.crt file in the PKCS12 output.
-.It Cm nokey
-do not include the private key in the PKCS12 output
-.El
-.It Cm set-rsa-pass Ar filename_base Op Ar cmd-opts
-Set a new passphrase on an RSA key for the listed
-.Ar filename_base .
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm nopass
-use no password and leave the key unencrypted.
-.It Cm file
-(advanced) treat the file as a raw path, not a short-name.
-.El
-.It Cm set-ec-pass Ar filename_base Op Ar cmd-opts
-Set a new passphrase on an EC key for the listed
-.Ar filename_base .
-.Pp
-.Ar cmd-opts
-is an optional set of command options from this list:
-.Bl -tag -compact
-.It Cm nopass
-use no password and leave the key unencrypted.
-.It Cm file
-(advanced) treat the file as a raw path, not a short-name.
-.El
-.El
-.Sh SEE ALSO
-.Xr openssl 1
Prev by Date: lldb-netbsd: Set LLDB RegisterKind for Debug Registers
Next by Date: py-blessings moved to base
Previous by Thread: lldb-netbsd: Set LLDB RegisterKind for Debug Registers
Next by Thread: py-blessings moved to base
Indexes:
Home | Main Index | Thread Index | Old Index