ipsec pki --req

Synopsis

pki --req [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name
          [--san subjectAltName]+ [--password challengePassword]
          [--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]

           --help     (-h)  show usage information
           --in       (-i)  private key input file, default: stdin
           --keyid    (-x)  smartcard or TPM private key object handle
           --type     (-t)  type of input key, default: priv
           --dn       (-d)  subject distinguished name
           --san      (-a)  subjectAltName to include in cert request
           --password (-p)  challengePassword to include in cert request
           --digest   (-g)  digest for signature creation, default: key-specific
           --outform  (-f)  encoding of generated request, default: der
           --debug    (-v)  set debug level, default: 1
           --options  (-+)  read command line options from file

Description

Create a PKCS#10 certificate request.

Examples

  • Generate a certificate request for an RSA public key
pki --req --in myKey.der --dn "C=CH, O=strongSwan, CN=moon" > myReq.der
  • Generate a certificate request for an ECDSA public key
pki --req --in myKey.der --type ecdsa --dn "C=CH, O=strongSwan, CN=carol" \
          --digest sha256 > myReq.der
  • Create an options file supporting ECDSA keys with SHA256 digests
cat > req.opt <<EOF
--type ecdsa
--digest sha256
EOF
  • Generate a certificate request for an ECDSA public key including a subjectAltName
pki --req --options req.opt --in myKey.der --dn "C=CH, O=strongSwan, CN=carol" \
          --san carol@strongswan.org > myReq.der