ipsec pki --req
Synopsis
pki --req [--in file] [--type rsa|ecdsa] --dn distinguished-name
          [--san subjectAltName]+ [--password challengePassword]
          [--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]

--help     (-h)  show usage information
--in       (-i)  private key input file, default: stdin
--type     (-t)  type of input key, default: rsa
--dn       (-d)  subject distinguished name
--san      (-a)  subjectAltName to include in cert request
--password (-p)  challengePassword to include in cert request
--digest   (-g)  digest for signature creation, default: sha1
--outform  (-f)  encoding of generated request, default: der
--debug    (-v)  set debug level, default: 1
--options  (-+)  read command line options from file
Description
Create a PKCS#10 certificate request.
Examples
- Generate a certificate request for an RSA public key
pki --req --in myKey.der --dn "C=CH, O=strongSwan, CN=moon" > myReq.der
- Generate a certificate request for an ECDSA public key
pki --req --in myKey.der --type ecdsa --dn "C=CH, O=strongSwan, CN=carol" \
    --digest sha256 > myReq.der
- Create an options file supporting ECDSA keys with SHA256 digests
cat > req.opt <<EOF
--type ecdsa
--digest sha256
EOF
- Generate a certificate request for an ECDSA public key including a subjectAltName
pki --req --options req.opt --in myKey.der --dn "C=CH, O=strongSwan, CN=carol" \
    --san carol@strongswan.org > myReq.der
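
Because --digest defaults to sha1 and still accepts md5, it is worth checking which digest a request was actually signed with before it is submitted or accepted. The Python code below is an added example, not part of the strongSwan documentation or code: it reads the signatureAlgorithm OID from a DER-encoded PKCS#10 request (the default --outform) and names it if it is based on MD5 or SHA-1. All function names are assumptions made for this example, and sample_csr builds a constructed skeleton request with a dummy signature.

```python
# Added example (not strongSwan code): report the signature algorithm of a DER PKCS#10 request.
WEAK = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",  # signature OIDs using MD5 or SHA-1
        "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
        "1.2.840.10045.4.1": "ecdsa-with-SHA1"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(value):  # DER OID content bytes -> dotted notation
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def csr_signature_oid(der):
    """CertificationRequest ::= SEQUENCE { info, signatureAlgorithm, signature }"""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM input must be decoded first)")
    _, _, pos = read_tlv(body, 0)    # skip certificationRequestInfo
    _, alg, _ = read_tlv(body, pos)  # AlgorithmIdentifier
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid)

def weak_digest(der):  # name of the weak signature algorithm, or None if not listed in WEAK
    return WEAK.get(csr_signature_oid(der))

def tlv(tag, value):  # DER encoder, used only to build the constructed sample below
    n, size = len(value), (len(value).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")) + value

def sample_csr(oid):  # constructed skeleton: dummy info, all-zero signature, not a valid request
    alg = tlv(0x30, tlv(0x06, oid) + b"\x05\x00")
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x00")) + alg + tlv(0x03, bytes(257)))
```

For a real request, pass the file contents, for example weak_digest(open("myReq.der", "rb").read()); the check reads the algorithm identifier only and does not verify the signature itself.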