honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[DOCS] Improve docs for "--pass" option in certutil (elastic/x-pack-elasticsearch#4352) 

The handling of the "--pass" option has complex rules due to the
different requirements of different output formats, and the way
joptsimple handles specs with optional arguments.

A standard unix shell will parse
    certutil --pass=""
as being identical to
    certutil --pass=
and joptsimple treats that as being "no argument", i.e. the same as
    certutil --pass

The only way to pass a blank password is
    certutil --pass ""
(though this is shell dependent)

Original commit: elastic/x-pack-elasticsearch@bc09d0f298
This commit is contained in:
Tim Vernum 2018-04-17 11:05:09 +10:00 committed by GitHub
parent 7cd99d2f96
commit 5eac9fd1a4
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/en/commands/certutil.asciidoc
View File

@ -173,6 +173,15 @@ with the `ca` parameter.
`--out <file_path>`:: Specifies a path for the output files.
`--pass <password>`:: Specifies the password for the generated private keys.
+
Keys stored in PKCS#12 format are always password protected.
+
Keys stored in PEM format are password protected only if the
`--pass` parameter is specified. If you do not supply an argument for the
`--pass` parameter, you are prompted for a password.
+
If you want to specify a _blank_ password (without prompting), use
`--pass ""` (with no `=`).
`--pem`:: Generates certificates and keys in PEM format instead of PKCS#12. This
parameter cannot be used with the `csr` parameter.