PKI \-\-REQ

Section: strongSwan (1)
Updated: 2013-07-31
Page Index
 

NAME

pki --req - Create a PKCS#10 certificate request  

SYNOPSIS

[--in file|--keyid hex] [ --type type ] --dn~distinguished-name [ --san subjectAltName ] [ --password password ] [ --digest digest ] [ --rsa-padding padding ] [ --outform encoding ] [ --debug level ] --options~file -h | --help  

DESCRIPTION

This sub-command of pki(1) is used to create a PKCS#10 certificate request.  

OPTIONS

-h, --help
Print usage information with a summary of the available options.
-v, --debug level
Set debug level, default: 1.
-+, --options file
Read command line options from file.
-i, --in file
Private key input file. If not given the key is read from STDIN.
-x, --keyid hex
Smartcard or TPM private key object handle in hex format with an optional 0x prefix.
-t, --type type
Type of the input key. Either priv, rsa, ecdsa or bliss, defaults to priv.
-d, --dn distinguished-name
Subject distinguished name (DN). Required.
-a, --san subjectAltName
subjectAltName extension to include in request. Can be used multiple times.
-p, --password password
The challengePassword to include in the certificate request.
-g, --digest digest
Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. The default is determined based on the type and size of the signature key.
-R, --rsa-padding padding
Padding to use for RSA signatures. Either pkcs1 or pss, defaults to pkcs1.
-f, --outform encoding
Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.
 

EXAMPLES

Generate a certificate request for an RSA key, with a subjectAltName extension:


  pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
       --san moon@strongswan.org > req.der

Generate a certificate request for an ECDSA key and a different digest:


  pki --req --in key.der --type ecdsa --digest sha256 \
      --dn "C=CH, O=strongSwan, CN=carol"  > req.der

 

SEE ALSO

pki(1)


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
EXAMPLES
SEE ALSO
LinuxReviews : manual page archive : man1