1. Aleksandr Kotlyar
  2. ARKcert

Overview

HTTPS SSH

ARKconcepts Certificate Manager (ARKcert)

This simple command-line app is intended to be used primarily for non-production purposes of creating and maintaining SSL/TLS certificates. It should, in theory, work with both .NET and Mono.

It is capable of creating certificate authorities (CAs) and client/server certificates.

It is also capable of converting between Base64-encoded certificate and key files (*.crt/*.cer and *.key) and PKCS#12 files (*.p12/*.pfx).

The usage documentation is auto-generated at runtime using the Command Line Parser Library. All of the crypto functions are provided by Bouncy Castle.

Usage

This information has been literally copied from the output of the app.

C:\>arkcert
ARKconcepts Certificate Manager 1.0.0.0
Copyright (C) ARKconcepts
Usage: arkcert [action] [options]
The following actions are available:

  new-ca              Create a new Certificate Authority (CA).

  new-cert            Create a new client/server certificate.

  convert-from-p12    Convert a certificate or CA from PKCS#12 (.p12/.pfx)
                      format to certificate and key files.

  convert-to-p12      Convert a certificate or CA from certificate and key
                      files to PKCS#12 (.p12/.pfx) format.
C:\>arkcert new-ca
ARKconcepts Certificate Manager 1.0.0.0
Copyright (C) ARKconcepts
Usage: arkcert new-ca [options]

  -c, --out-ca-cert     Required. CA certificate filename.

  -k, --out-ca-key      Required. CA private key filename.

  -h, --hash            (Default: SHA256) Signature hash algorithm: SHA1,
                        SHA256, or SHA512.

  -a, --algo            Required. Signature algorithm (RSA or ECDSA) and key
                        size: RSA1024, RSA2048, RSA4096, EC192, EC224, EC239,
                        EC256, or EC384.

  -f, --valid-from      Required. Date on which CA becomes valid (YYYY-MM-DD
                        format). It may be useful to set this to yesterday due
                        to time zones.

  -t, --valid-to        Required. Date on which CA expires (YYYY-MM-DD format).

  -n, --common-name     Required. Common name (often FQDN).

  -d, --country-code    Two-letter country code.

  -s, --state           State/province name.

  -l, --locality        Locality (city/town).

  -o, --organization    Organization.

  -u, --org-unit        Organizational unit.

  -e, --email           Email address.
C:\>arkcert new-cert
ARKconcepts Certificate Manager 1.0.0.0
Copyright (C) ARKconcepts
Usage: arkcert new-cert [options]

  -c, --out-cert        Required. Certificate filename.

  -k, --out-key         Required. Certificate private key filename.

  --ca-cert             Required. Signing CA certificate filename.

  --ca-key              Required. Signing CA private key filename.

  --sa-names            Subject Alternative Name(s), space-separated.

  -h, --hash            (Default: SHA256) Signature hash algorithm: SHA1,
                        SHA256, or SHA512.

  -a, --algo            Required. Signature algorithm (RSA or ECDSA) and key
                        size: RSA1024, RSA2048, RSA4096, EC192, EC224, EC239,
                        EC256, or EC384.

  -f, --valid-from      Required. Date on which CA becomes valid (YYYY-MM-DD
                        format). It may be useful to set this to yesterday due
                        to time zones.

  -t, --valid-to        Required. Date on which CA expires (YYYY-MM-DD format).

  -n, --common-name     Required. Common name (often FQDN).

  -d, --country-code    Two-letter country code.

  -s, --state           State/province name.

  -l, --locality        Locality (city/town).

  -o, --organization    Organization.

  -u, --org-unit        Organizational unit.

  -e, --email           Email address.
C:\>arkcert convert-from-p12
ARKconcepts Certificate Manager 1.0.0.0
Copyright (C) ARKconcepts
Usage: arkcert convert-from-p12 [options]

  -i, --in-p12      Required. Input PKCS#12 file

  -c, --out-cert    Required. Output certificate file

  -k, --out-key     Required. Output key file

  -p, --password    PKCS#12 file password. If skipped, you will be prompted for
                    it.
C:\>arkcert convert-to-p12
ARKconcepts Certificate Manager 1.0.0.0
Copyright (C) ARKconcepts
Usage: arkcert convert-to-p12 [options]

  -c, --in-cert     Required. Input certificate file

  -k, --in-key      Required. Input private key file

  -o, --out-p12     Required. Output PKCS#12 file

  -p, --password    PKCS#12 file password. If skipped, you will be prompted for
                    it.