1PKI --REQ(1) strongSwan PKI --REQ(1)
2
3
4
6 pki --req - Create a PKCS#10 certificate request
7
9 pki --req [--in file] [--type type] --dn distinguished-name
10 [--san subjectAltName] [--password password]
11 [--digest digest] [--outform encoding] [--debug level]
12
13 pki --req --options file
14
15 pki --req -h | --help
16
18 This sub-command of pki(1) is used to create a PKCS#10 certificate
19 request.
20
22 -h, --help
23 Print usage information with a summary of the available options.
24
25 -v, --debug level
26 Set debug level, default: 1.
27
28 -+, --options file
29 Read command line options from file.
30
31 -i, --in file
32 Private key input file. If not given the key is read from STDIN.
33
34 -t, --type type
35 Type of the input key. Either rsa or ecdsa, defaults to rsa.
36
37 -d, --dn distinguished-name
38 Subject distinguished name (DN). Required.
39
40 -a, --san subjectAltName
41 subjectAltName extension to include in request. Can be used mul‐
42 tiple times.
43
44 -p, --password password
45 The challengePassword to include in the certificate request.
46
47 -g, --digest digest
48 Digest to use for signature creation. One of md5, sha1, sha224,
49 sha256, sha384, or sha512. Defaults to sha1.
50
51 -f, --outform encoding
52 Encoding of the created certificate file. Either der (ASN.1 DER)
53 or pem (Base64 PEM), defaults to der.
54
56 Generate a certificate request for an RSA key, with a subjectAltName
57 extension:
58
59 pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
60 --san moon@strongswan.org > req.der
61
62 Generate a certificate request for an ECDSA key and a different digest:
63
64 pki --req --in key.der --type ecdsa --digest sha256 \
65 --dn "C=CH, O=strongSwan, CN=carol" > req.der
66
68 pki(1)
69
70
71
725.2.0 2013-07-31 PKI --REQ(1)