Linux command
certtool command
Files
After copying, replace file names, directories, or parameters as needed.
Common examples
Example
certtool -p --outfile [path/to/private.key]
Example
certtool -s --load-privkey [path/to/private.key] --template [path/to/info.template] --outfile [path/to/certificate.crt]
Example
certtool -q --load-privkey [path/to/private.key] --template [path/to/info.template] --outfile [path/to/request.csr]
Example
certtool -s --load-privkey [path/to/ca.key] --template [path/to/ca.template] --outfile [path/to/ca.crt]
Verify
certtool --verify --infile [path/to/certificate.crt] --load-ca-certificate [path/to/ca.crt]
Description
certtool generates and manages X.509 certificates, private keys, certificate signing requests, and other PKI structures using the GnuTLS library. It serves as an alternative to OpenSSL's certificate tools with a distinct command-line interface and template-based workflow. Certificate attributes such as organization name, common name, validity period, key usage, and extensions are defined in template files rather than passed as command-line arguments. This makes complex certificate configurations reproducible and scriptable. The template syntax uses simple key-value pairs. The tool supports the full PKI workflow: generating private keys, creating self-signed CA certificates, issuing certificate signing requests, signing certificates with a CA, and verifying certificate chains.
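The full workflow described above as one script, added here as an illustration and not taken from the GnuTLS project: it writes two templates, builds a CA, then issues and verifies a server certificate. The file names, template values and the `build_pki` helper are constructed for the example; `--load-request` and `--load-ca-privkey` are certtool options that this page does not list.

```shell
#!/bin/sh
# Added example: CA -> server key -> CSR -> CA-signed certificate -> verify.
# All file names and template values are constructed for illustration.

build_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # files created here, including private keys, are owner-only

        # CA template: "ca" marks the certificate as a CA and
        # cert_signing_key restricts its key usage to signing certificates.
        cat > ca.template <<'EOF'
cn = "Example Test CA"
organization = "Example Org"
expiration_days = 365
ca
cert_signing_key
EOF

        # Server template: TLS server usage only, no CA rights.
        cat > server.template <<'EOF'
cn = "www.example.test"
organization = "Example Org"
dns_name = "www.example.test"
expiration_days = 90
tls_www_server
signing_key
encryption_key
EOF

        certtool --generate-privkey --outfile ca.key &&
        certtool --generate-self-signed --load-privkey ca.key \
                 --template ca.template --outfile ca.crt &&
        certtool --generate-privkey --outfile server.key &&
        certtool --generate-request --load-privkey server.key \
                 --template server.template --outfile server.csr &&
        certtool --generate-certificate --load-request server.csr \
                 --load-ca-certificate ca.crt --load-ca-privkey ca.key \
                 --template server.template --outfile server.crt &&
        certtool --verify --infile server.crt --load-ca-certificate ca.crt
    )
}

# Runs only when a target directory is given: sh pki.sh ./pki-demo
if [ -n "${1:-}" ]; then build_pki "$1"; fi
```

The function returns non-zero if any step fails, including the final `--verify`, so it can gate a provisioning script.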
Parameters
- `-p`, `--generate-privkey`: Generate a private key
- `-s`, `--generate-self-signed`: Generate a self-signed certificate
- `-q`, `--generate-request`: Generate a certificate signing request
- `--generate-certificate`: Generate a certificate from CSR
- `--load-privkey` _file_: Load private key from file
- `--template` _file_: Use template file for certificate info
- `--outfile` _file_: Output file path
- `--verify`: Verify certificate chain
- `-i`, `--certificate-info`: Display certificate information
FAQ
How do I run a basic certtool example?
Run `certtool -p --outfile [path/to/private.key]` in a terminal, then adjust file names, paths, or flags for your system.
What does -p, --generate-privkey do in certtool?
Generate a private key