pki --req¶
Synopsis¶
pki --req [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name [--san subjectAltName]+ [--password challengePassword] [--digest md5|sha1|sha224|sha256|sha384|sha512] [--rsa-padding pkcs1|pss] [--outform der|pem] --help (-h) show usage information --in (-i) private key input file, default: stdin --keyid (-x) smartcard or TPM private key object handle --type (-t) type of input key, default: priv --dn (-d) subject distinguished name --san (-a) subjectAltName to include in cert request --password (-p) challengePassword to include in cert request --digest (-g) digest for signature creation, default: key-specific --rsa-padding (-R) padding for RSA signatures, default: pkcs1 --outform (-f) encoding of generated request, default: der --debug (-v) set debug level, default: 1 --options (-+) read command line options from file
Description¶
Create a PKCS#10 certificate request.
Examples¶
- Generate a certificate request for an RSA public key
pki --req --in myKey.der --dn "C=CH, O=strongSwan, CN=moon" > myReq.der
- Generate a certificate request for an ECDSA public key
pki --req --in myKey.der --type ecdsa --dn "C=CH, O=strongSwan, CN=carol" --digest sha256 > myReq.der
- Create an options file supporting ECDSA keys with SHA256 digests
cat > req.opt --type ecdsa --digest sha256
- Generate a certificate request for an ECDSA public key including a subjectAltName
pki --req --options req.opt --in myKey.der --dn "C=CH, O=strongSwan, CN=carol" --san carol@strongswan.org > myReq.der