authorTobias Brunner <tobias@strongswan.org>2013-07-31 19:48:45 +0200
committerTobias Brunner <tobias@strongswan.org>2013-09-13 15:07:35 +0200
commit3a643b8901ea6e87ffa3834a1f5358baf644b6b4 (patch)
treee55fddbb3e7e8b42f824890bab6a32885d03d074 /src/pki
parenta612f6e338ef2e70c1dd4b6c6dafb941212582d8 (diff)
pki: Add pki --self man page
Can be opened with "man pki --self".
Diffstat (limited to 'src/pki')
-rw-r--r--src/pki/commands/self.c4
-rw-r--r--src/pki/man/Makefile.am3
-rw-r--r--src/pki/man/ipsec-pki.8.in3
-rw-r--r--src/pki/man/pki---self.8.in148
4 files changed, 154 insertions, 4 deletions
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index 448360821..a1f17c8f9 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -378,14 +378,14 @@ static void __attribute__ ((constructor))reg()
command_register((command_t) {
self, 's', "self",
"create a self signed certificate",
- {"[--in file | --keyid hex] [--type rsa|ecdsa]",
+ {" [--in file|--keyid hex] [--type rsa|ecdsa]",
" --dn distinguished-name [--san subjectAltName]+",
"[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
"[--flag serverAuth|clientAuth|crlSign|ocspSigning]+",
"[--nc-permitted name] [--nc-excluded name]",
- "[--cert-policy oid [--cps-uri uri] [--user-notice text] ]+",
"[--policy-map issuer-oid:subject-oid]",
"[--policy-explicit len] [--policy-inhibit len] [--policy-any len]",
+ "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+",
"[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"},
{
{"help", 'h', 0, "show usage information"},
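Review bot: The usage synopsis in this hunk and the man page added by the same commit disagree on an option name: the string here reads `[--policy-map issuer-oid:subject-oid]`, while pki---self.8.in documents `--policy-mapping` in both its SYNOPSIS and OPTIONS sections. The option table is outside the hunk, so which spelling the parser accepts cannot be told from here, but one of the two needs correcting. The usage text also has no `--pathlen` entry although the man page lists `-p, --pathlen len`; if the option exists, `"[--lifetime days] [--serial hex] [--ca] [--pathlen len] [--ocsp uri]+",` would bring `--help` in line with the man page. For a command that can issue CA certificates, a path-length constraint that is not discoverable from `--help` is more likely to be left unset. reg() and the command_register() call continue past the last line shown.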
diff --git a/src/pki/man/Makefile.am b/src/pki/man/Makefile.am
index 4b33a30c7..addcee957 100644
--- a/src/pki/man/Makefile.am
+++ b/src/pki/man/Makefile.am
@@ -1,5 +1,6 @@
man8_MANS = \
ipsec-pki.8 \
- pki---gen.8
+ pki---gen.8 \
+ pki---self.8
CLEANFILES = $(man8_MANS)
diff --git a/src/pki/man/ipsec-pki.8.in b/src/pki/man/ipsec-pki.8.in
index 0c1d427b0..446a4a10f 100644
--- a/src/pki/man/ipsec-pki.8.in
+++ b/src/pki/man/ipsec-pki.8.in
@@ -70,4 +70,5 @@ Verify a certificate using a CA certificate.
.SH "SEE ALSO"
.
.BR ipsec (8),
-.BR pki\ \-\-gen (8)
+.BR pki\ \-\-gen (8),
+.BR pki\ \-\-self (8)
diff --git a/src/pki/man/pki---self.8.in b/src/pki/man/pki---self.8.in
new file mode 100644
index 000000000..ad0c35c64
--- /dev/null
+++ b/src/pki/man/pki---self.8.in
@@ -0,0 +1,148 @@
+.TH "PKI \-\-SELF" 8 "2013-07-31" "@PACKAGE_VERSION@" "strongSwan"
+.
+.SH "NAME"
+.
+pki \-\-self \- Create a self-signed certificate
+.
+.SH "SYNOPSIS"
+.
+.SY pki\ \-\-self
+.RB [ \-\-in
+.IR file | \fB\-\-keyid\fR
+.IR hex ]
+.OP \-\-type t
+.BI \-\-dn\~ distinguished-name
+.OP \-\-san subjectAltName
+.OP \-\-lifetime days
+.OP \-\-serial hex
+.OP \-\-flag flag
+.OP \-\-digest digest
+.OP \-\-ca
+.OP \-\-ocsp uri
+.OP \-\-pathlen len
+.OP \-\-nc-permitted name
+.OP \-\-nc-excluded name
+.OP \-\-policy\-mapping mapping
+.OP \-\-policy\-explicit len
+.OP \-\-policy\-inhibit len
+.OP \-\-policy\-any len
+.OP \-\-cert\-policy oid\ \fR[\fB\-\-cps\-uri\ \fIuri\fR]\ \fR[\fB\-\-user\-notice\ \fItext\fR]
+.OP \-\-outform encoding
+.OP \-\-debug level
+.YS
+.
+.SY pki\ \-\-self
+.BI \-\-options\~ file
+.YS
+.
+.SY "pki \-\-self"
+.B \-h
+|
+.B \-\-help
+.YS
+.
+.SH "DESCRIPTION"
+.
+This sub-command of
+.BR ipsec\-pki (8)
+is used to create a self-signed certificate.
+.
+.SH "OPTIONS"
+.
+.TP
+.B "\-h, \-\-help"
+Print usage information with a summary of the available options.
+.TP
+.BI "\-v, \-\-debug " level
+Set debug level, default: 1.
+.TP
+.BI "\-+, \-\-options " file
+Read command line options from \fIfile\fR.
+.TP
+.BI "\-i, \-\-in " file
+Private key input file. If not given the key is read from \fISTDIN\fR.
+.TP
+.BI "\-x, \-\-keyid " hex
+Key ID of a private key on a smartcard.
+.TP
+.BI "\-t, \-\-type " type
+Type of the input key. Either \fIrsa\fR or \fIecdsa\fR, defaults to \fIrsa\fR.
+.TP
+.BI "\-d, \-\-dn " distinguished-name
+Subject and issuer distinguished name (DN). Required.
+.TP
+.BI "\-a, \-\-san " subjectAltName
+subjectAltName extension to include in certificate. Can be used multiple times.
+.TP
+.BI "\-l, \-\-lifetime " days
+Days the certificate is valid, default: 1095.
+.TP
+.BI "\-s, \-\-serial " hex
+Serial number in hex. It is randomly allocated by default.
+.TP
+.BI "\-e, \-\-flag " flag
+Add extendedKeyUsage flag. One of \fIserverAuth\fR, \fIclientAuth\fR,
+\fIcrlSign\fR, or \fIocspSigning\fR. Can be used multiple times.
+.TP
+.BI "\-g, \-\-digest " digest
+Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
+\fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. Defaults to
+\fIsha1\fR.
+.TP
+.BI "\-f, \-\-outform " encoding
+Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
+\fIpem\fR (Base64 PEM), defaults to \fIder\fR.
+.TP
+.BI "\-b, \-\-ca"
+Include CA basicConstraint extension in certificate.
+.TP
+.BI "\-o, \-\-ocsp " uri
+OCSP AuthorityInfoAccess URI to include in certificate. Can be used multiple
+times.
+.TP
+.BI "\-p, \-\-pathlen " len
+Set path length constraint.
+.TP
+.BI "\-n, \-\-nc-permitted " name
+Add permitted NameConstraint extension to certificate.
+.TP
+.BI "\-N, \-\-nc-excluded " name
+Add excluded NameConstraint extension to certificate.
+.TP
+.BI "\-M, \-\-policy-mapping " issuer-oid:subject-oid
+Add policyMapping from issuer to subject OID.
+.TP
+.BI "\-E, \-\-policy-explicit " len
+Add requireExplicitPolicy constraint.
+.TP
+.BI "\-H, \-\-policy-inhibit " len
+Add inhibitPolicyMapping constraint.
+.TP
+.BI "\-A, \-\-policy-any " len
+Add inhibitAnyPolicy constraint.
+.PP
+.SS "Certificate Policy"
+Multiple certificatePolicy extensions can be added. Each with the following
+information:
+.TP
+.BI "\-P, \-\-cert-policy " oid
+OID to include in certificatePolicy extension. Required.
+.TP
+.BI "\-C, \-\-cps-uri " uri
+Certification Practice statement URI for certificatePolicy.
+.TP
+.BI "\-U, \-\-user-notice " text
+User notice for certificatePolicy.
+.
+.SH "EXAMPLES"
+.
+Generate a self-signed certificate using the given RSA key:
+.PP
+.EX
+ ipsec pki \-\-self \-\-in key.der \-\-dn "C=CH, O=strongSwan, CN=moon" \\
+ \-\-san moon.strongswan.org > cert.der
+.EE
+.
+.SH "SEE ALSO"
+.
+.BR ipsec\-pki (8)
\ No newline at end of file