.nh
.TH PKCS10Client 1 "April 28, 2017" PKI "PKI PKCS10Client certificate request tool"
.SH NAME
.PP
PKCS10Client - Used to generate a 1024-bit RSA key pair in the security database.
.SH SYNOPSIS
.PP
\fBPKCS10Client\fP \fB-d\fP \fINSS-database\fP \fB-h\fP \fINSS-token\fP \fB-p\fP \fINSS-password\fP \fB-a\fP \fIalgorithm\fP [\fB-l\fP \fIrsa-key-length\fP] [\fB-c\fP \fIec-curve-name\fP] \fB-o\fP \fIoutput-file\fP \fB-n\fP \fIsubject-DN\fP
.PP
To get a certificate from the CA, the certificate request needs to be submitted to and approved by a CA agent. Once approved, a certificate is created for the request, and certificate attributes, such as extensions, are populated according to certificate profiles.
.SH DESCRIPTION
.PP
The PKCS #10 utility, \fBPKCS10Client\fP, generates an RSA or EC key pair in the security database, constructs a PKCS #10 certificate request with the public key, and outputs the request to a file.
.PP
\fBPKCS #10\fP is a certification request syntax standard defined by RSA. A CA may support multiple types of certificate requests. The Certificate System CA supports KEYGEN, PKCS #10, CRMF, and CMC.
.SH OPTIONS
.PP
\fBPKCS10Client\fP parameters:
.PP
\fB-d\fP \fINSS-database\fP
.br
The directory containing the NSS database. This is usually the client's personal directory.
.PP
\fB-h\fP \fINSS-token\fP
.br
Name of the token. By default it takes \fBinternal\fP\&.
.PP
\fB-p\fP \fINSS-password\fP
.br
The password to the token.
.PP
\fB-a\fP \fIalgorithm\fP
.br
The algorithm type, either \fBrsa\fP or \fBec\fP\&. By default it takes \fBrsa\fP\&.
.PP
\fB-l\fP \fIrsa-key-length\fP
.br
The RSA key bit length when \fB-a\fP \fBrsa\fP is specified. By default it is \fB1024\fP\&.
.PP
\fB-c\fP \fIec-curve-name\fP
.br
Elliptic Curve cryptography curve name. Possible values are (if provided by the crypto module): nistp256 (secp256r1), nistp384 (secp384r1), nistp521 (secp521r1), nistk163 (sect163k1), sect163r1, nistb163 (sect163r2), sect193r1, sect193r2, nistk233 (sect233k1), nistb233 (sect233r1), sect239k1, nistk283 (sect283k1), nistb283 (sect283r1), nistk409 (sect409k1), nistb409 (sect409r1), nistk571 (sect571k1), nistb571 (sect571r1), secp160k1, secp160r1, secp160r2, secp192k1, nistp192 (secp192r1, prime192v1), secp224k1, nistp224 (secp224r1), secp256k1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, c2pnb163v1, c2pnb163v2, c2pnb163v3, c2pnb176v1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2pnb208w1, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2pnb272w1, c2pnb304w1, c2tnb359w1, c2pnb368w1, c2tnb431r1, secp112r1, secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2.
.PP
\fB-o\fP \fIoutput-file\fP
.br
Sets the path and filename to output the new PKCS #10 certificate request in base64 format.
.PP
\fB-n\fP \fIsubject-DN\fP
.br
Gives the subject DN of the certificate.
.PP
\fB-k\fP \fIenable-encoding\fP
.br
\fBtrue\fP for enabling encoding of attribute values; \fBfalse\fP for default encoding of attribute values; default is \fBfalse\fP\&.
.PP
\fB-t\fP \fItemporary\fP
.br
\fBtrue\fP for temporary (session); \fBfalse\fP for permanent (token); default is \fBfalse\fP\&.
.PP
\fB-s\fP \fIsensitivity\fP
.br
\fB1\fP for sensitive; \fB0\fP for non-sensitive; \fB-1\fP for temporaryPairMode dependent; default is \fB-1\fP\&.
.PP
\fB-e\fP \fIextractable\fP
.br
\fB1\fP for extractable; \fB0\fP for non-extractable; \fB-1\fP for token dependent; default is \fB-1\fP\&.
.PP
Also optional for ECC key generation:
.PP
\fB-x\fP \fIecdh-ecdsa\fP
.br
\fBtrue\fP for SSL cert that does ECDH ECDSA; \fBfalse\fP otherwise; default \fBfalse\fP\&.
.PP
\fB-y\fP \fIski-extension\fP
.br
\fBtrue\fP for adding SubjectKeyIdentifier extension for self-signed CMC shared secret requests; \fBfalse\fP otherwise; default \fBfalse\fP\&. To be used with \fBrequest.useSharedSecret=true\fP when running CMCRequest.
.SH AUTHORS
.PP
Amol Kahat <akahat@redhat.com>\&.
.SH COPYRIGHT
.PP
Copyright (c) 2017, 2019 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
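.SH EXAMPLES
.PP
The wrapper below is an added example, not part of the PKI project: it refuses to call \fBPKCS10Client\fP unless the \fB-a\fP, \fB-l\fP and \fB-c\fP values meet a key-strength policy, so the \fB1024\fP default and the small curves in the \fB-c\fP list are never used by accident. The policy thresholds, the function name \fBpkcs10_request\fP and the variables \fBPKCS10CLIENT\fP and \fBNSS_PASSWORD\fP are assumptions of this example.
.PP
.nf
```sh
#!/bin/sh
# Added example, not PKI project code. Assumed policy: RSA keys of at least
# 2048 bits; EC keys only on nistp256, nistp384 or nistp521.
# PKCS10CLIENT and NSS_PASSWORD are variable names invented for this example.

# pkcs10_request ALGORITHM KEYPARAM NSS_DB OUTPUT_FILE SUBJECT_DN
# KEYPARAM is the RSA bit length (-l) or the EC curve name (-c).
# Returns 1 without running the tool when the policy is not met.
pkcs10_request() {
    [ "$#" -eq 5 ] || { echo "usage: pkcs10_request ALG KEYPARAM DB OUT DN" >&2; return 1; }
    alg=$1; param=$2; db=$3; out=$4; dn=$5
    [ -n "${NSS_PASSWORD:-}" ] || { echo "NSS_PASSWORD is not set" >&2; return 1; }
    case $alg in
        rsa)
            # -l is always passed: leaving it out falls back to 1024 bits.
            case $param in
                ''|*[!0-9]*) echo "RSA key length must be a number" >&2; return 1 ;;
            esac
            # -ge also fails (and so rejects) if the number cannot be parsed.
            [ "$param" -ge 2048 ] || { echo "RSA key length $param is below 2048 bits" >&2; return 1; }
            keyflag=-l ;;
        ec)
            # The -c list also offers curves as small as secp112r1, so use an
            # allow-list rather than accepting any name the token provides.
            case $param in
                nistp256|nistp384|nistp521) keyflag=-c ;;
                *) echo "curve '$param' is not on the allow-list" >&2; return 1 ;;
            esac ;;
        *)
            echo "algorithm must be rsa or ec" >&2; return 1 ;;
    esac
    # -p places the token password on the command line, where local process
    # listings can show it; run this only on a host you control.
    # Each value is quoted so a subject DN with spaces stays one argument.
    set -- -d "$db" -h internal -p "$NSS_PASSWORD"
    set -- "$@" -a "$alg" "$keyflag" "$param" -o "$out" -n "$dn"
    "${PKCS10CLIENT:-PKCS10Client}" "$@"
}

# Usage (constructed values):
#   NSS_PASSWORD=... pkcs10_request ec nistp256 "$HOME/nssdb" req.p10 "CN=host.example.test"
```
.fi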