NAME¶
pki --req - Create a PKCS#10 certificate request
SYNOPSIS¶
[
--in file]
[
--type type]
--dn distinguished-name [
--san
subjectAltName] [
--password
password] [
--digest
digest] [
--outform
encoding] [
--debug level]
--options file -h |
--help
DESCRIPTION¶
This sub-command of
pki(1) is used to create a PKCS#10 certificate
request.
OPTIONS¶
- -h, --help
- Print usage information with a summary of the available options.
- -v, --debug level
- Set debug level, default: 1.
- -+, --options file
- Read command line options from file.
- -i, --in file
- Private key input file. If not given the key is read from
STDIN.
- -t, --type type
- Type of the input key. Either rsa or ecdsa, defaults to
rsa.
- -d, --dn distinguished-name
- Subject distinguished name (DN). Required.
- -a, --san subjectAltName
- subjectAltName extension to include in request. Can be used multiple
times.
- -p, --password password
- The challengePassword to include in the certificate request.
- -g, --digest digest
- Digest to use for signature creation. One of md5, sha1,
sha224, sha256, sha384, or sha512. Defaults to
sha1.
- -f, --outform encoding
- Encoding of the created certificate file. Either der (ASN.1 DER) or
pem (Base64 PEM), defaults to der.
EXAMPLES¶
Generate a certificate request for an RSA key, with a subjectAltName extension:
pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
--san moon@strongswan.org > req.der
Generate a certificate request for an ECDSA key and a different digest:
pki --req --in key.der --type ecdsa --digest sha256 \
--dn "C=CH, O=strongSwan, CN=carol" > req.der
SEE ALSO¶
pki(1)