NAME¶
certpatch
—
add subjectAltName identities to X.509 certificates
SYNOPSIS¶
certpatch |
[-t identity-type]
-i identity
-k signing-key
input-certificate output-certificate |
DESCRIPTION¶
certpatch
alters PEM-encoded X.509 certificates by
adding a subjectAltName extension containing an identity used by the
signature-based authentication schemes of the ISAKMP protocol. After the
addition the certificate will be signed once again with the supplied CA
signing key.
The options are as follows:
-t
identity-type
- If given, the
-t
option specifies the type of the
given identity. Currently ip
,
fqdn
, and ufqdn
are
recognized. The default is ip
.
-i
identity
- The
-i
option takes an argument which is the
identity to put into the subjectAltName field of the certificate. If the
identity-type is ip
, this argument should be an
IPv4 address in dotted decimal notation.
-k
signing-key
- The
-k
option specifies the key used for signing
the certificate once the subjectAltName extension has been added. The key
is specified by the filename where it is stored in PEM format.