lprng_certs man page on OSF1

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
OSF1 logo
[printable version]

LPRNG_CERTS(1)							LPRNG_CERTS(1)

NAME
       lprng_certs - lprng SSL certificate management

SYNOPSIS
       lprng_certs option
	Options:
	 init	  - make directory structure
	 newca	  - make new root CA
	 defaults - set new default values for certs
	 gen	  - generate user, server, or signing cert
	 index [dir] - index cert files
	 verify [cert] - verify cert file
	 encrypt keyfile
		  - set or change keyfile password

DESCRIPTION
       The  lprng_certs	 program  is  used  to manage SSL certificates for the
       LPRng software.	There SSL certificate structure consists of a  hierar‐
       chy  of	certificates.	The  LPRng software assumes that the following
       types of certificates will be used:

       CA or root
	      A top level or self-signed certificate.

       signing
	      A certificate that can be used to sign other certificates.  This
	      is signed by the root CA or another signing certificate.

       user   A	 certificate  used by a user to identify themselves to the lpd
	      server.

       server A certificate used by the lpd server to identify	themselves  to
	      the user or other lpd servers.

Signing Certificates
       All  of	the signing certificates, including the root certificate (root
       CA), /usr/local/etc/lpd/ssl.ca/ca.crt, are in the same directory as the
       root  CA	 file.	 Alternately, all of the signing certs can be concate‐
       nated and put into a single file, which by  convention  is  assumed  to
       have	the	same	 name	  as	 the	 root	  CA	 file,
       /usr/local/etc/lpd/ssl.ca/ca.crt.  The  ssl_ca_file,  ssl_ca_path,  and
       ssl_ca_key  printcap  and  configuration options can be used to specify
       the locations of the root CA files, a directory containing the  signing
       certificate  files,  and	 the  private  key  file  for the root CA file
       respectively.

       The root certificate (root  CA  file)  /usr/local/etc/lpd/ssl.ca/ca.crt
       has  a  private	key file /usr/local/etc/lpd/ssl.ca/ca.key as well.  By
       convention, the private keys for the other  signing  certificate	 files
       are stored in the certificate file.

       The OpenSSL software requires that this directory also contain a set of
       hash files which are, in effect, links to these files.

       By default, all signing certificates are assumed	 to  be	 in  the  same
       directory as the root certificate.

Server Certificates
       The  certificate	 used by the lpd server are kept in another directory.
       These files do not need to have hash links to them.  By convention, the
       private	keys for these certificate files are stored in the certificate
       file.  The server certificate file is specified by the  ssl_server_cert
       and  has	 the  default  value /usr/local/etc/lpd/ssl.server/server.crt.
       This file contains the cert and private key.   The  server  certificate
       password	  file is specified by the ssl_server_password option with the
       default value @SSL_SERVER_PASSWORD@ and contains the password  used  to
       decrypt	the  servers  private key and use it for authentication.  This
       key file should be read only by the lpd server.

User Certificates
       The certificates used by users are kept in a separate directory in  the
       users  home  directory.	By convention, the private keys for these cer‐
       tificate files are stored in the certificate file.

       The user certificate file is specified by the LPR_SSL_FILE  environment
       variable,  otherwise the ${HOME}/.lpr/client.crt is used.  The password
       is taken from the file specified by  the	 LPR_SSL_PASSWORD  environment
       variable, otherwise the ${HOME}/.lpr/client.pwd file is read.

USING LPRNG_CERTS
       The  organization  of  the SSL certificates used by LPRng is similar to
       that used by other programs such as the Apache  mod_ssl	support.   The
       lprng_certs  program  is used to create the directory structure, create
       certificates for the root CA, signing, user and servers.	 In  order  to
       make managment simple, the following support is provided.

lprng_certs init
       This  command  creates  the  directories used by the lpd server.	 It is
       useful when setting up a new lpd server.

lprng_certs newca
       This command creates a self-signed certificate, suitable for use	 as  a
       root CA certificate.  It also sets up a set of default values for other
       certificate creation.

lprng_certs defaults
       This command is used to modify the set of default values.

       The default values are listed and should	 be  self-explanatory,	except
       for  the	 value of the signer certificate.  By default, the root CA can
       be used to sign certificates.  However, a signing  certificate  can  be
       used as well.  This allows delegation of signing authority without com‐
       promising the security of the root CA.

lprng_certs gen
       This is used to generate a user, server, or signing certificate.

lprng_certs index
       This is used to create the indexes for the signing certificates.

lprng_certs verify [cert]
       This checks the certificate file using the Openssl openssl verify  com‐
       mand.

lprng_certs encrypt keyfile
       This  removes all key information from the key file, reencrypts the key
       information, and the puts the encrypted key information in the file.

LPRng OPTIONS
       Option			Purpose
       ssl_ca_path		directory holding the SSL signing certs
       ssl_ca_file		file holding the root CA or all SSL signing certs
       ssl_server_cert		cert file for the server
       ssl_server_password	file containing password for server server
       ${HOME}/.lpr/client.crt	client certificate file
       ${HOME}/.lpr/client.pwd	client certificate private key password

ENVIRONMENT VARIABLES
       LPR_SSL_FILE		client certificate file
       LPR_SSL_PASSWORD		client certificate private key password

EXIT STATUS
       The following exit values are returned:

       zero (0)	      Successful completion.

       non-zero (!=0) An error occurred.

SEE ALSO
       lpd.conf(5),  lpc(8),  lpd(8),  checkpc(8),  lpr(1),  lpq(1),  lprm(1),
       printcap(5), lpd.conf(5), pr(1), lprng_certs(1), lprng_index_certs(1).

HISTORY
       LPRng  is  a enhanced printer spooler system with functionality similar
       to  the	Berkeley  LPR	software.    The   LPRng   mailing   list   is
       lprng@lprng.com;	 subscribe  by sending mail to lprng-request@lprng.com
       with the word subscribe in the body.  The software  is  available  from
       ftp://ftp.lprng.com/pub/LPRng.

AUTHOR
       Patrick Powell <papowell@lprng.com>.

LPRng				  LPRng-3.9.0			LPRNG_CERTS(1)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server OSF1

List of man pages available for OSF1

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net