McAfee MEJCAE-AM-DA Product Guide - Page 130
Modifiers, Notes, key-split, Syntax
View all McAfee MEJCAE-AM-DA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 130 highlights
Using Command-Line Options Modifiers --allow-passphrase-retry --cert-attribute --depth --expires-after --issuer-dn --issuer-serial --multi --passphrase --regexp --sign-with --sig-type --start-date --x509 Tells E-Business Server to abort an encryption operation if the user does not specify a passphrase in the original encryption command, or the supplied passphrase is not correct. Adds certificate attributes to the certificate you are creating. Specifies how many levels deep you can set trust for a meta or trusted introducer signature. Specifies the number of days your signature is considered valid or a future date when your signature should expire. Enter the date in YYYY-MM-DD format. By default, the signature never expires. Identifies the certificate issuer's distinguished name. Identifies the issuer's assigned serial number for the certificate. When used in conjunction with the --issuer-dn option, this uniquely identifies the certificate. Signs all keys that match the user ID. Specifies the passphrase used for key signing. Specifies a regular expression to attach to your signature. If the regular expression contains spaces, then you must enclose it in quotes. Note that you may need to escape special shell characters. Selects the key you want to sign with. By default, E-Business Server uses the key specified by the DEFAULT-KEY parameter in the E-Business Server configuration file. Specifies the type of signature you want to add to the key you are signing. Your options are: local (non) | exportable (export) | meta | introducer (trusted). By default, the signature type specified by the SIG-TYPE parameter in the E-Business Server configuration file is used. This option is only valid when creating X.509 certificate signatures. Specifies a future date when your signature becomes valid. By default, this is the creation date. Enter a future date in YYYY-MM-DD format. Indicates that you want to create an X.509 certificate signature instead of a regular signature. Notes • The --issuer-dn, --issuer-serial and --cert-attribute options are only valid when --x509 is also specified. • Certificate attributes are entered in name=value format. Name represents the type of attribute you want to define, such as Email (E), OrganizationName (O), or Location (L). Value represents your definition for the corresponding attribute. If the value contains spaces, then you must enclose it in quotes. For example, O="McAfee" indicates that the organization that owns the certificate is McAfee. You can list several certificate attributes when creating X.509 certificates. Simply precede each name=value pair with --cert-attribute. For more information, see Specifying certificate attributes on page 51. • For more information on signing keys, see Signing a key on page 48. For more information on creating X.509 certificates, see Issuing X.509 certificates on page 56. key-split Use the --key-split option to split a private key into shares. This is recommended for extremely high security keys. For more information on splitting keys, see Creating a split key on page 37. Syntax ebs --key-split E-Business Server™ 8.6 Product Guide 128