pki --req
Synopsis
pki --req [--in file|--keyid hex] [--type rsa|ecdsa|priv] --dn distinguished-name [--san subjectAltName]+ [--password challengePassword] [--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512] [--rsa-padding pkcs1|pss] [--outform der|pem] pki --req --help
Description
This pki
subcommand generates a PKCS#10 certificate request.
Options
--in (-i) private key input file, default: stdin --keyid (-x) smartcard or TPM private key object handle --type (-t) type of input key, default: priv --dn (-d) subject distinguished name --san (-a) subjectAltName to include in cert request --password (-p) challengePassword to include in cert request --digest (-g) digest for signature creation, default: key-specific --rsa-padding (-R) padding for RSA signatures, default: pkcs1 --outform (-f) encoding of generated request, default: der --debug (-v) set debug level, default: 1 --options (-+) read command line options from file---- --help (-h) show usage information
Examples
-
Generate a certificate request for an RSA public key
pki --req --in myKey.der --dn "C=CH, O=strongSwan, CN=moon.strongswan.org" > myReq.de
-
Generate a certificate request for an ECDSA public key
pki --req --in myKey.der --type ecdsa --dn "C=CH, O=strongSwan, CN=carol@strongswan.org" --digest sha256 > myReq.der
-
Create an options file supporting ECDSA keys with SHA256 digests
cat > req.opt --type ecdsa --digest sha256
-
Generate a certificate request for an ECDSA public key including a subjectAltName
pki --req --options req.opt --in myKey.der --dn "C=CH, O=strongSwan, CN=carol@strongswan.org" --san carol@strongswan.org > myReq.der