pki Tool
Synopsis
pki --gen (-g) generate a new private key pki --self (-s) create a self signed certificate pki --issue (-i) issue a certificate using a CA certificate and key pki --signcrl (-c) issue a CRL using a CA certificate and key pki --acert (-z) issue an attribute certificate pki --req (-r) create a PKCS#10 certificate request pki --pkcs7 (-7) PKCS#7 wrap/unwrap functions pki --pkcs12 (-u) PKCS#12 functions pki --keyid (-k) calculate key identifiers of a key/certificate pki --print (-a) print a credential in a human readable form pki --dn (-d) extract the subject DN of an X.509 certificate pki --pub (-p) extract the public key from a private key/certificate pki --verify (-v) verify a certificate using the CA certificate pki --help (-h) show usage information
Description
The pki
command suite allows you to run a simple public key infrastructure.
Generate RSA, ECDSA or EdDSA public key pairs, create PKCS#10 certificate requests
containing subjectAltNames, create X.509 self-signed end entity and root CA
certificates, issue end entity and intermediate CA certificates signed by the
private key of a CA and containing subjectAltNames
, CRL distribution points and
URIs of OCSP servers. You can also extract raw public keys from private keys,
certificate requests and certificates and compute two kinds of SHA1-based key IDs.
Subcommands
Each subcommand has additional options. Pass --help
to a subcommand to get
additional information.
Tutorial
-
A quickstart tutorial on the use of the
pki
tool can be found here.