PKI \-\-REQ
Section: strongSwan (1)
Updated: 2013-07-31
Page Index
NAME
pki --req - Create a PKCS#10 certificate request
SYNOPSIS
[
--in
file|
--keyid
hex]
[
--type type ]
--dn~distinguished-name
[
--san subjectAltName ]
[
--password password ]
[
--digest digest ]
[
--rsa-padding padding ]
[
--outform encoding ]
[
--debug level ]
--options~file
-h
|
--help
DESCRIPTION
This sub-command of
pki(1)
is used to create a PKCS#10 certificate request.
OPTIONS
- -h, --help
-
Print usage information with a summary of the available options.
- -v, --debug level
-
Set debug level, default: 1.
- -+, --options file
-
Read command line options from file.
- -i, --in file
-
Private key input file. If not given the key is read from STDIN.
- -x, --keyid hex
-
Smartcard or TPM private key object handle in hex format with an optional
0x prefix.
- -t, --type type
-
Type of the input key. Either priv, rsa, ecdsa or bliss,
defaults to priv.
- -d, --dn distinguished-name
-
Subject distinguished name (DN). Required.
- -a, --san subjectAltName
-
subjectAltName extension to include in request. Can be used multiple times.
- -p, --password password
-
The challengePassword to include in the certificate request.
- -g, --digest digest
-
Digest to use for signature creation. One of md5, sha1,
sha224, sha256, sha384, or sha512. The default is
determined based on the type and size of the signature key.
- -R, --rsa-padding padding
-
Padding to use for RSA signatures. Either pkcs1 or pss, defaults
to pkcs1.
- -f, --outform encoding
-
Encoding of the created certificate file. Either der (ASN.1 DER) or
pem (Base64 PEM), defaults to der.
EXAMPLES
Generate a certificate request for an RSA key, with a subjectAltName extension:
pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
--san moon@strongswan.org > req.der
Generate a certificate request for an ECDSA key and a different digest:
pki --req --in key.der --type ecdsa --digest sha256 \
--dn "C=CH, O=strongSwan, CN=carol" > req.der
SEE ALSO
pki(1)