NAME¶
certpatch —
add subjectAltName
identities to X.509 certificates
SYNOPSIS¶
certpatch |
[-t
identity-type] -i
identity -k
signing-key input-certificate
output-certificate |
DESCRIPTION¶
certpatch alters PEM-encoded X.509 certificates by adding a
subjectAltName extension containing an identity used by the signature-based
authentication schemes of the ISAKMP protocol. After the addition the
certificate will be signed once again with the supplied CA signing key.
The options are as follows:
- -t
identity-type
- If given, the -t option specifies the
type of the given identity. Currently
ip
,
fqdn
, and ufqdn
are
recognized. The default is ip
.
- -i
identity
- The -i option takes an argument which is
the identity to put into the subjectAltName field of the certificate. If
the identity-type is
ip
, this argument should be
an IPv4 address in dotted decimal notation.
- -k
signing-key
- The -k option specifies the key used for
signing the certificate once the subjectAltName extension has been added.
The key is specified by the filename where it is stored in PEM
format.
SEE ALSO¶
isakmpd(8),
ssl(8)