pki --issue » History » Version 2

Version 1 (Andreas Steffen, 16.09.2009 10:09) → Version 2/21 (Andreas Steffen, 05.10.2009 21:37)

h1. ipsec pki --issue

h2. Synopsis

pki --issue [--in file] [--type pub|pkcs10] --cacert file --cakey file --dn subject-dn
[--san subjectAltName]+ [--lifetime days] [--serial hex]
[--ca] [--crl uri]+ [--ocsp uri]+ [--flag serverAuth|ocspSigning]+
[--digest md5|sha1|sha224|sha256|sha384|sha512]

--help (-h) show usage information
--in (-i) public key/request file to issue, default: stdin
--type (-t) type of input, default: pub
--cacert (-c) CA certificate file
--cakey (-k) CA private key file
--dn (-d) distinguished name to include as subject
--san (-a) subjectAltName to include in certificate
--lifetime (-l) days the certificate is valid, default: 1080
--serial (-s) serial number in hex, default: random
--ca (-b) include CA basicConstraint, default: no
--flag (-f) include extendedKeyUsage flag

--crl (-u) CRL distribution point URI to include
--ocsp (-o) OCSP AuthorityInfoAccess URI to include
--digest (-g) digest for signature creation, default: sha1
--debug (-v) set debug level, default: 1
--options (-+) read command line options from file

h2. Description

Issue a an X.509 certificate by signing with a CA private key.