1PKI --REQ(1) strongSwan PKI --REQ(1)
2
6 pki --req - Create a PKCS#10 certificate request
7
9 pki --req [--in file] [--type type] --dn distinguished-name
10 [--san subjectAltName] [--password password]
11 [--digest digest] [--outform encoding] [--debug level]
12 pki --req --options file
14 pki --req -h | --help
16
18 This sub-command of pki(1) is used to create a PKCS#10 certificate
19 request.
20
22 -h, --help
23 Print usage information with a summary of the available options.
24 -v, --debug level
26 Set debug level, default: 1.
27 -+, --options file
29 Read command line options from file.
30 -i, --in file
32 Private key input file. If not given the key is read from STDIN.
33 -t, --type type
35 Type of the input key. Either rsa or ecdsa, defaults to rsa.
36 -d, --dn distinguished-name
38 Subject distinguished name (DN). Required.
39 -a, --san subjectAltName
41 subjectAltName extension to include in request. Can be used mul‐
42 tiple times.
43 -p, --password password
45 The challengePassword to include in the certificate request.
46 -g, --digest digest
48 Digest to use for signature creation. One of md5, sha1, sha224,
49 sha256, sha384, or sha512. Defaults to sha1.
50 -f, --outform encoding
52 Encoding of the created certificate file. Either der (ASN.1 DER)
53 or pem (Base64 PEM), defaults to der.
54
56 Generate a certificate request for an RSA key, with a subjectAltName
57 extension:
58 pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
60 --san moon@strongswan.org > req.der
61 Generate a certificate request for an ECDSA key and a different digest:
63 pki --req --in key.der --type ecdsa --digest sha256 \
65 --dn "C=CH, O=strongSwan, CN=carol" > req.der
66
68 pki(1)
695.2.0 2013-07-31 PKI --REQ(1)