The Web Tool for Really Easy key and X.509 certificate management


Web T-Rex Users Guide

Version 1.2.12c




Lymeware Corporation


Copyright (c) 2001-2002 Lymeware Corporation


Welcome to Web T-Rex


This web tool allows key and certificate maintenance using your favorite web browser.


It currently supports everything from key and certificate generation to revocation, display and validation.


If none of the above made any sense to you, then you may want to check out the FAQ (trex_faq.txt) and the OpenSSL project website before going any further.


The following actions are available:


RSA Key Creation and maintenance utilities

Create, Modify format, Display, or Verify an RSA Key pair of



Certificate Request Creation and maintenance utilities

Create, Modify format, Display, or Verify a Certificate

Request (and optionally, a private RSA Key) file.


X.509 Certificate Creation and maintenance utilities

Create, Modify format, Display, or Verify an X.509 Certificate

file (from a Certificate Request or CA Certificate).


Create, Modify format, Display, or Verify a Certificate

Authority (or Root or Self-Signed) X.509 Certificate file.


CRL (Certificate Revocation List) maintenance utilities

Create, Modify format, Display, or Verify a Certificate

Revocation List file.


Miscellaneous Utilities

Additional maintenance, configuration, and troubleshooting

utilities for the PKI system elements.



Why Web T-Rex


This product was built both because our company, Lymeware, needed a simple way to allow customers the ability to display and verify PKI components and because we kept seeing the same questions on that fine mailing list [email protected] and wanted to do our part to "cut through the noise".



Cygwin Package Contents


This package comprises the Win32/Cygwin binary distribution of the Lymeware

Web T-Rex product. The Cygwin package consists of the following files:


./trex.exe - the tool itself,

./cygwin1.dll - the only CygWin DLL needed,

./*.txt - ASCII text documentation,

./*.rtf - Raw Text Format (RTF) documentation,

./*.pdf - Adobe(TM) Portable Document Format (PDF) documentation, and

./*.sh - Bash shell script files,

./*.bat - MS-DOS batch files used to start the tool.





The Web T-Rex product is distributed in a gzipped tar file, but can be unpacked with WinZip or NetZip, and should be unpacked into its own directory (trex-n.n.n). If you have CygWin already installed, then the only REQUIRED file is trex.exe.





The simplest method of starting Web T-Rex is in "unsecured" mode, since this mode does not require the certificates and keys that both the SSL mode and the TLS mode do.


From a command window ( or cmd.exe, depending on the version of Windows you are running), in the installed directory just type:



If running CygWin then open a bash window and type:


And you should see a sign on screen like the following:


Web T-Rex (with SSLv3/TLS 1.0 support) version 1.2.12c

(Web Tool for Real Easy key and X.509 certificate management)

Copyright (c) 2000-2002 Lymeware Corporation, All Rights Reserved


Powered by the Lymeware NAC toolkit, version 1.4.3c

Copyright (c) 1999-2002 Lymeware Corporation


This product contains code from the OpenSSL Project

portions Copyright (c) 1998-2002 OpenSSL

This product contains code from the SSLeay Project

portions Copyright (c) 1998 Eric Young & Tim Hudson


Listening on port 8080



This means that the web server portion of the tool is up and waiting for requests from web browsers.


To access Web T-Rex with your web browser the following URL address may be browsed (assuming the tool is running on a host with an IP address of


If the browser is on the same host as the Web T-Rex:







Web T-Rex HTTP connection modes and command line options


Web T-Rex supports three different HTTP connection modes:


"Insecure" - standard HTTP, which transmits everything in


"SSL" - secure HTTP which transmits everything in an encrypted

socket, and

"TLS" - another secure HTTP, which transmits everything in a

different, encrypted socket.


For more information on SSL and TLS, try


The default mode is "insecure" and is supported by all web browsers. It is STRONGLY suggested that the tool be used in SSL or TLS mode if being run over the Internet.


The following command line options are available:


trex -CCApath -cCAcert.pem [-d][-e] -kRSA_Key.pem [-p][-r]

-sServerCert.pem [-S][-T][-V][-v][-w]


-CCApath = REQUIRED CA certificate path to hashed certificates

-cCAcert = REQUIRED CA certificate (in PEM)

-d = debug printing

-e = enable WebCommand exit (disabled by default)

-kRSA_Key = REQUIRED RSA Private key (in PEM)

-p = display POST as HTML

-r = print client/browser requests

-S = force SSLv3 support

-sServerCert = REQUIRED X.509 Server Cert (in PEM)

-T = force TLS support (overrides SSLv3)

-V = print version and exit

-v = verbose printing

-w = enable WebCommand weblog (disabled by default)
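
The four REQUIRED options above each name a PEM file or a hashed certificate directory. The following shell script is an added example, not part of the Lymeware guide or distribution: it builds a constructed test set with the OpenSSL command-line tool, using the file names from the usage line. CAkey.pem, ServerReq.pem, the subject names, the 2048-bit key size and the 30-day lifetime are assumptions made for the example.

```sh
#!/bin/sh
# Added example: constructed test material for Web T-Rex SSL/TLS mode.
# File names follow the usage line above; CAkey.pem, ServerReq.pem, the
# subject names, key size and lifetime are assumptions for this example.

make_trex_material() {
    dir=$1
    mkdir -p "$dir/CApath" || return 1
    (
        cd "$dir" || exit 1
        umask 077    # private keys must not be readable by other users

        # Self-signed test CA: key, then certificate (-c CAcert.pem).
        openssl genrsa -out CAkey.pem 2048 2>/dev/null || exit 1
        openssl req -new -x509 -key CAkey.pem -days 30 \
            -subj "/CN=Constructed Test CA" -out CAcert.pem || exit 1

        # Server RSA private key (-k) and a certificate request for it.
        openssl genrsa -out RSA_Key.pem 2048 2>/dev/null || exit 1
        openssl req -new -key RSA_Key.pem \
            -subj "/CN=localhost" -out ServerReq.pem || exit 1

        # Server certificate (-s), signed by the test CA.
        openssl x509 -req -in ServerReq.pem -CA CAcert.pem -CAkey CAkey.pem \
            -CAcreateserial -days 30 -out ServerCert.pem 2>/dev/null || exit 1

        # Hashed certificate directory (-C): OpenSSL looks a CA up by
        # <subject-hash>.0, so store the CA certificate under that name.
        h=$(openssl x509 -hash -noout -in CAcert.pem) || exit 1
        cp CAcert.pem "CApath/$h.0"
    )
}

# Succeeds if ServerCert.pem chains to the CA in the hashed directory.
verify_trex_material() {
    openssl verify -CApath "$1/CApath" "$1/ServerCert.pem" >/dev/null 2>&1
}

# Stand-alone use: sh make_material.sh <directory>
if [ -n "${1:-}" ]; then
    make_trex_material "$1" && verify_trex_material "$1" && echo "material OK"
    # Per the usage line, options and values are written together, e.g.:
    #   trex -CCApath -cCAcert.pem -kRSA_Key.pem -sServerCert.pem -T
fi
```

Keep CAkey.pem off the host that runs the tool once the server certificate has been issued; only the four files named by the options are needed at run time.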



WebCommand(TM) support


Web T-Rex (the NAC toolkit really) supports the notion of URL command words called WebCommands. This allows the end user browser to send commands to the web tool without requiring specific links or form elements to be provided to the browser in HTML.


Web T-Rex can optionally provide support for two WebCommands: exit and weblog. These commands are "sent" in the URL. For example, if the root URL is then the following URL would send the exit WebCommand (which if enabled, would cause the web tool to exit and end execution):


The following command would display the current WebLog:



WebLog(TM) HTML Access log support


Web T-Rex (again, the NAC toolkit really) supports the concept of an HTML browsable HTTP access log called a WebLog. This allows end users to view access information without direct access (ssh/telnet/ftp/etc.) to the host machine. While this option may be useful on a secure internal network, it is not suggested for Internet use.



Web T-Rex Reference Platforms and Browser Information


Web T-Rex has been built (and extensively tested) on:


Sun Solaris 2.6 & 7 SPARC machines,


Red Hat Linux 6.2 & 7.1 Intel x86 machines, and


Red Hat Cygwin 1.3.6-6 Intel x86 machines.



Web T-Rex has been tested with the following Web Browsers:

Sun HotJava 3.0 (SPARC/Solaris version)

Microsoft Internet Explorer 5.5 (Windows 9X/NT version)

Microsoft Internet Explorer 6.0 (Windows 9X/NT version)

NCSA Mosaic 3.0 (Windows 9X/NT version)

Netscape 4.76 (SPARC/Solaris version)

Netscape 4.78 (Windows 9X/NT version)

Netscape 6.02 (Windows 9X/NT version)

Opera 4.0 (Windows 9X/NT version)


If you successfully test this with another web browser, please send your results to [email protected] and they will be added to the list.





Any and all feedback, including bug reports, patches, virtual beer, and ideas, may be sent to [email protected].


Any cool T-Rex (and other dinosaur) pictures can be sent to [email protected].






