tpm2_certifyX509certutil(1) General Commands Manual tpm2_certifyX509certutil(1)

tpm2_certifyX509certutil(1) - Generate partial X509 certificate.

tpm2_certifyX509certutil [OPTIONS]

tpm2_certifyX509certutil(1) - Generates a partial certificate that is
suitable as the third input parameter for the TPM2_certifyX509 command.
The certificate data is written to a file in DER format and can be
examined using the openssl asn1parse tool as follows:

openssl asn1parse -in partial_cert.der -inform DER

These are the available options:

• -o, --outcert=STRING: The output file where the certificate will be
written to. The default is partial_cert.der. Optional parameter.

• -d, --days=NUMBER: The number of days the certificate will be valid
starting from today. The default is 3560 (10 years). Optional parameter.

• -i, --issuer=STRING: The ISSUER entry for the cert in the following
format: --issuer="C=US;O=org;OU=Org unit;CN=cname". Supported fields
are:

  • C - "Country", max size = 2

  • O - "Org", max size = 8

  • OU - "Org Unit", max size = 8

  • CN - "Common Name", max size = 8

The fields need to be separated with a semicolon. At least one supported
field is required for the option to be valid. Optional parameter.

• -s, --subject=STRING: The SUBJECT for the cert in the following
format: --subject="C=US;O=org;OU=Org unit;CN=cname". Supported fields
are:

  • C - "Country", max size = 2

  • O - "Org", max size = 8

  • OU - "Org Unit", max size = 8

  • CN - "Common Name", max size = 8

The fields need to be separated with a semicolon. At least one supported
field is required for the option to be valid. Optional parameter.

• ARGUMENT: No arguments required.

References
This collection of options is common to many programs and provides
information that many users may expect.

• -h, --help=[man|no-man]: Display the tool's manpage. By default, it
attempts to invoke the manpager for the tool; however, on failure it
will output a short tool summary. This is the same behavior as when the
"man" option argument is specified; however, if explicit "man" is
requested, the tool will provide errors from man on stderr. If the
"no-man" option is specified, or the manpager fails, the short
options will be output to stdout.

To successfully use the manpages feature requires the manpages to be
installed or on MANPATH. See man(1) for more details.

• -v, --version: Display version information for this tool, supported
tctis and exit.

• -V, --verbose: Increase the information that the tool prints to the
console during its execution. When using this option the file and
line number are printed.

• -Q, --quiet: Silence normal tool output to stdout.

• -Z, --enable-errata: Enable the application of errata fixups. Useful
if an errata fixup needs to be applied to commands sent to the TPM.
Defining the environment variable TPM2TOOLS_ENABLE_ERRATA is equivalent.

tpm2 certifyX509certutil -o partial_cert.der -d 356
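
The option text above gives a fixed format and size limits for --issuer and --subject. The following pre-flight check is an added example, not part of tpm2-tools: check_dn is a hypothetical helper, the sample values are constructed, and treating "max size" as a byte count and rejecting empty values are assumptions.

```shell
#!/bin/sh
# check_dn VALUE
# Hypothetical pre-flight check (not part of tpm2-tools) for an --issuer or
# --subject value, using only the format and limits documented above:
# semicolon-separated KEY=VALUE, keys C (max 2), O, OU, CN (max 8 each),
# at least one field. Prints the reason on stderr and returns 1 on failure.
# The body is a subshell, so IFS, globbing and locale changes do not leak.
check_dn() (
    LC_ALL=C        # assumption: "max size" means bytes, so count bytes
    IFS=';'
    set -f          # no pathname expansion while splitting on ';'
    count=0
    for field in $1; do
        case $field in
            *=*) ;;
            *) echo "check_dn: '$field' is not KEY=VALUE" >&2; exit 1 ;;
        esac
        key=${field%%=*}
        value=${field#*=}
        case $key in
            C)       max=2 ;;
            O|OU|CN) max=8 ;;
            *) echo "check_dn: unsupported field '$key'" >&2; exit 1 ;;
        esac
        # Rejecting empty values is this helper's own choice, not a documented rule.
        if [ -z "$value" ]; then
            echo "check_dn: field '$key' is empty" >&2; exit 1
        fi
        if [ "${#value}" -gt "$max" ]; then
            echo "check_dn: $key is ${#value} bytes, max size is $max" >&2; exit 1
        fi
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "check_dn: at least one supported field is required" >&2; exit 1
    fi
    exit 0
)

# Constructed sample values; the first is the format string from the option text.
issuer="C=US;O=org;OU=Org unit;CN=cname"
subject="C=US;O=org;CN=tpm-key"
if check_dn "$issuer" && check_dn "$subject"; then
    # Print the command rather than run it, so the check works without the tool.
    printf 'tpm2 certifyX509certutil -o partial_cert.der -i "%s" -s "%s"\n' \
        "$issuer" "$subject"
fi
```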

Tools can return any of the following codes:

• 0 - Success.

• 1 - General non-specific error.

• 2 - Options handling error.

• 3 - Authentication error.

• 4 - TCTI related error.

• 5 - Non supported scheme. Applicable to tpm2_testparams.

GitHub Issues (https://github.com/tpm2-software/tpm2-tools/issues)

See the Mailing List (https://lists.01.org/mailman/listinfo/tpm2)

tpm2-tools tpm2_certifyX509certutil(1)