G.6 AudCGen

AudCGen is a command-line utility that generates custom X.509 certificates for the Secure Logging Server and logging applications. Novell Nsure Audit uses certificates to authenticate logging applications and sign events. For more information on generating certificates, see Section 10.0, Security and Non-Repudiation.

The AudCGen syntax is as follows:

audcgen -cert:filename -pkey:filename [-f] [base:directory] [-bits:number] [-serial:number] 
[-valid:days] {-ss | -appcert:filename -apppkey:filename -app:Application_Identifier | -v 
-out:target_certificate}

The following table reviews each of the command parameters.

| Parameter | Description |
| --- | --- |
| -cert:filename | The path and filename for the Secure Logging Certificate. The default path and filename is base/cacert.pem. |
| -pkey:filename | The path and filename for the Secure Logging Certificate's private key. The default path and filename is base/capkey.pem. |
| [-f] | Force overwrite. AudCGen overwrites any existing certificates or private keys of the same name (for example, cacert.pem and capkey.pem or appcert.pem and apppkey.pem) in the output directory. This parameter is optional. If you do not use the -f parameter and there is an existing certificate of the same name, AudCGen aborts. |
| [base:directory] | The default directory for the certificate and private key files. By default, base is the root directory. This parameter is optional. If you do not designate a base directory, you can include the directory in the certificate and private key strings. |
| [-bits:number] | The number of bits for the certificate. The default is 512; however, Novell Nsure Audit can handle certificates up to 1472 bits. |
| [-serial:number] | This parameter assigns a serial number to the current certificate. You can use this option to keep track of your system's certificates. This parameter is optional. |
| [-valid:days] | The certificate's expiration in days. The current iteration of Novell Nsure Audit does not verify whether a certificate is valid. |
| -ss | Self-sign. AudCGen generates a self-signed CA certificate and key. |
| -appcert:filename | The output path and filename for the Logging Application Certificate. The default path and filename is base\appcert.pem. |
| -apppkey:filename | The output path and filename for the Logging Application Certificate's private key. The default path and filename is base\apppkey.pem. |
| -app:Application_Identifier | The logging application's Application Identifier. This value must match the Application Identifier stored in the logging application's Application object. |
| -v | Validate. AudCGen validates the certificate designated in the -out parameter. |
| -out:target_certificate | The path and filename for the certificate you want to validate. The default path and filename is base\*.pem |
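
Because the default key size is 512 bits and this release does not verify certificate validity, key size and expiry can be checked outside the product. The script below is an added example, not part of the Novell documentation or tooling. It assumes the generated files are standard PEM-encoded X.509 certificates and that the openssl command is installed; MIN_BITS and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit PEM certificates (such as cacert.pem or appcert.pem)
# for key size and expiry. MIN_BITS is an assumed local policy threshold,
# not a value from the Nsure Audit documentation.
MIN_BITS=${MIN_BITS:-1024}

# Print the public key size in bits (for example "512"), or nothing if the
# file cannot be parsed as an X.509 certificate.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[ -]Key: (\([0-9][0-9]*\) bit).*/\1/p' |
        head -n 1
}

# Return 0 if the certificate passes, 1 if it is weak or expired,
# 2 if it cannot be read.
audit_cert() {
    cert=$1
    bits=$(cert_key_bits "$cert")
    if [ -z "$bits" ]; then
        echo "UNREADABLE $cert"
        return 2
    fi
    status=0
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK-KEY   $cert ($bits bits, minimum $MIN_BITS)"
        status=1
    fi
    # -checkend 0 exits non-zero when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED    $cert"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK         $cert ($bits bits)"
    fi
    return "$status"
}

# Usage: sh audit_certs.sh cacert.pem appcert.pem
for f in "$@"; do
    audit_cert "$f" || true
done
```

Run it against the Secure Logging Certificate and each Logging Application Certificate after generation, and again on a schedule, since expiry is not enforced by the logging system itself.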