Provided by: gvmd-common_25.2.1-1_all bug

NAME
       gvm-manage-certs - manage certificate infrastructure for a GVM installation


SYNOPSIS
       gvm-manage-certs [OPTION]...


DESCRIPTION
       gvm-manage-certs  manages  the  certificate  infrastructure  for  a  GVM  installation.   The certificate
       infrastructure enables GVM daemons to communicate in a secure manner and is used for  authentication  and
       authorization before establishing TLS connections between the daemons.

       The  GVM  certificate infrastructure consists of a certificate authority (CA) which is trusted by all GVM
       daemons.  This CA is then used to sign certificates used by the various daemons.  The certificates can be
       divided into two use cases:

       •  Server certificates, primarily used for authentication

       •  Client certificates, primarily used for authorization

       gvm-manage-certs can perform an automatic creation of a default certificate infrastructure for a standard
       GVM installation.  It can also verify an existing infrastructure and perform various certificate  related
       tasks to support the setup of a more complex infrastructure.


OPTIONS
   Certificate infrastructure management
       -a     Automatically set up default infrastructure for GVM

       -V     Verify existing GVM certificate infrastructure

       -C     Create a certificate authority (CA)

       -R     Create a certificate request for a CA

       -r     Create a certificate request for a CA and sign it

       -C     Create a certificate authority (CA)

       -I     Install a CA certificate

       -c     Create a certificate request and sign it

       -i     Install a certificate

       -S     Sign a certificate request

       -f     Force overwriting of existing files

   Certificate options
       -E     Create  a  server  certificate.   This  sets  the  appropriate  key usage constraints for a server
              certificate.

       -L     Create a client certificate.  This sets  the  appropriate  key  usage  constraints  for  a  client
              certificate.

       -A     Skip  CA  generation  in  automatic  mode.   This  automatically  (re-)generates server and client
              certificates, but keeps the CA certificate.

   Configuration
       -e file Read configuration from file (see below for configuration details)

   Output control
       -d     Print debug output

       -v     Print verbose messages

       -q     Be quiet, only print error messages

   Other options
       -h     Print help


EXIT STATUS
       0      The requested operation was successfully performed.

       1      An error occurred, the requested operation could not be performed.


ENVIRONMENT
       All certificate generation  options  can  be  set  either  through  the  configuration  file  or  through
       environment variables like the following:

       GVM_CERTIFICATE_LIFETIME
              Days until the certificate will expire

       GVM_CERTIFICATE_HOSTNAME
              Name to use for the certificate

       GVM_CERTIFICATE_SIGNALG
              Hash algorithm to use for signing

       GVM_CERTIFICATE_KEYSIZE
              Size in bits of the generated key

       GVM_CERTIFICATE_SECPARAM
              GnuTLS security level [low|medium|high|ultra]

       GVM_CERT_DIR
              Directory where keys and certificates are stored before installation

       GVM_CERT_PREFIX
              Prefix for certificate filename (e.g. "server")

       For  a  complete  list  of  options,  please  refer  to  the  example  configuration file included in the
       documentation.


SEE ALSO
       openvas(8), gvmd(8), gsad(8)

The OpenVAS Project                                2015-09-21                                GVM-MANAGE-CERTS(1)