Man Linux: Main Page and Category List


       shib-keygen - Generate a key pair for a Shibboleth SP


       shib-keygen [-bf] [-e entity-id] [-h hostname]
           [-y years]


       Generate a self-signed X.509 certificate for a Shibboleth SP.  By
       default, the certificate will be for the local fully-qualified (as
       returned by "hostname --fqdn") hostname.  An entity ID can be specified
       with the -e flag.  The openssl command-line client is used to generate
       the key pair.  The public certificate will be created in
       /etc/shibboleth/sp-cert.pem and the private key in


       -b  Suppress all standard error output when creating the certificate.
           This option is normally only used by the package build.

       -e entity-id
           Add entity-id (which should be a URI) as an alternative name for
           the certificate.

       -f  Remove /etc/shibboleth/sp-cert.pem and /etc/shibboleth/sp-key.pem
           before generating a new certificate.  Without this option, if those
           files already exist, shib-keygen prints an error and exits rather
           than overwriting them.

       -h hostname
           Specify the fully-qualified domain name for which to generate a
           certificate.  If this option isn’t given, the hostname defaults to
           the result of "hostname --fqdn".

       -y years
           The number of years for which the certificate should be valid.  The
           default expiration time is ten years into the future.


           The OpenSSL configuration file used for generating the self-signed
           certificate.  This configuration file is generated when the script
           is run and deleted afterwards.

           The public certificate created by this script.

           The private key for the certificate created by this script.


       This manual page was written by Russ Allbery for Debian GNU/Linux.


       Copyright 2008 Russ Allbery.  This manual page is hereby placed into
       the public domain by its author.