.\" $OpenBSD: certpatch.8,v 1.8 2003/06/04 07:31:17 ho Exp $
.\" $EOM: certpatch.8,v 1.5 2000/04/07 22:17:11 niklas Exp $
.\"
.\" Copyright (c) 1999 Niklas Hallqvist.  All rights reserved.
.\" Copyright (c) 1999 Angelos D. Keromytis.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" This code was written under funding by Ericsson Radio Systems.
.\"
.\" Manual page, using -mandoc macros
.\"
.Dd July 18, 1999
.Dt CERTPATCH 8
.Os
.Sh NAME
.Nm certpatch
.Nd add subjectAltName identities to X.509 certificates
.Sh SYNOPSIS
.Nm certpatch
.Op Fl t Ar identity-type
.Fl i
.Ar identity
.Fl k
.Ar signing-key
.Ar input-certificate output-certificate
.Sh DESCRIPTION
.Nm
alters PEM-encoded X.509 certificates by adding a subjectAltName extension
containing an identity used by the signature-based authentication schemes
of the ISAKMP protocol.
After the addition the certificate will be signed
once again with the supplied CA signing key.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl t Ar identity-type
If given, the
.Fl t
option specifies the type of the given identity.
Currently
.Li ip ,
.Li fqdn ,
and
.Li ufqdn
are recognized.
The default is
.Li ip .
.It Fl i Ar identity
The
.Fl i
option takes an argument which is the identity to put into the
subjectAltName field of the certificate.
If the identity-type is
.Li ip ,
this argument should be an IPv4 address in dotted decimal notation.
.It Fl k Ar signing-key
The
.Fl k
option specifies the key used for signing the certificate once the
subjectAltName extension has been added.
The key is specified by
the filename where it is stored in PEM format.
.El
.Sh SEE ALSO
.Xr isakmpd 8 ,
.Xr ssl 8