...
To sign host's public keys there is the script 'generate_host_certificate.sh'
The scripts does have the following options:
- -I
- This takes the ' HOST_ID ' of the server.
- e.g host.netdef.org
- -f
- The file that contains all the keys.
- -V
- Add the validity interval of a certificate
- Per default a certificate is valid for one year.
- more information can be found here: validity_interval
- -n
- This flag restricts the certificate to a list of pricipals that the host is known by.
...