Project

General

Profile

pki

Synopsis

pki --gen     (-g)  generate a new private key
pki --self    (-s)  create a self signed certificate
pki --issue   (-i)  issue a certificate using a CA certificate and key
pki --signcrl (-c)  issue a CRL using a CA certificate and key
pki --acert   (-z)  issue an attribute certificate
pki --req     (-r)  create a PKCS#10 certificate request
pki --pkcs7   (-7)  PKCS#7 wrap/unwrap functions
pki --pkcs12  (-u)  PKCS#12 functions
pki --keyid   (-k)  calculate key identifiers of a key/certificate
pki --print   (-a)  print a credential in a human readable form
pki --dn      (-d)  extract the subject DN of an X.509 certificate
pki --pub     (-p)  extract the public key from a private key/certificate
pki --verify  (-v)  verify a certificate using the CA certificate
pki --help    (-h)  show usage information

Description

The pki command suite allows you to run a simple public key infrastructure. Generate RSA and ECDSA public key pairs, create PKCS#10 certificate requests containing subjectAltNames, create X.509 self-signed end entity and root CA certificates, issue end entity and intermediate CA certificates signed by the private key of a CA and containing subjectAltNames, CRL distribution points and URIs of OCSP servers. You can also extract raw public keys from private keys, certificate requests and certificates and compute two kinds of SHA1-based key IDs.

pki was introduced with strongSwan 4.3.5.

How-To's

  • Set up a simple CA and issue peer certificates