Project

General

Profile

History

strongSwan User Documentation » ipsec pki »

ipsec pki --req

Synopsis

pki --req [--in file|--keyid hex] [--type rsa|ecdsa|bliss|priv] --dn distinguished-name
          [--san subjectAltName]+ [--password challengePassword]
          [--digest md5|sha1|sha224|sha256|sha384|sha512] [--rsa-padding pkcs1|pss]
          [--outform der|pem]

           --help        (-h)  show usage information
           --in          (-i)  private key input file, default: stdin
           --keyid       (-x)  smartcard or TPM private key object handle
           --type        (-t)  type of input key, default: priv
           --dn          (-d)  subject distinguished name
           --san         (-a)  subjectAltName to include in cert request
           --password    (-p)  challengePassword to include in cert request
           --digest      (-g)  digest for signature creation, default: key-specific
           --rsa-padding (-R)  padding for RSA signatures, default: pkcs1
           --outform     (-f)  encoding of generated request, default: der
           --debug       (-v)  set debug level, default: 1
           --options     (-+)  read command line options from file

Description

Create a PKCS#10 certificate request.

Examples

  • Generate a certificate request for an RSA public key
pki --req --in myKey.der --dn "C=CH, O=strongSwan, CN=moon" > myReq.der
  • Generate a certificate request for an ECDSA public key
pki --req --in myKey.der --type ecdsa --dn "C=CH, O=strongSwan, CN=carol" 
          --digest sha256 > myReq.der
  • Create an options file supporting ECDSA keys with SHA256 digests
cat > req.opt
--type ecdsa
--digest sha256
  • Generate a certificate request for an ECDSA public key including a subjectAltName
pki --req --options req.opt --in myKey.der --dn "C=CH, O=strongSwan, CN=carol" 
          --san carol@strongswan.org > myReq.der