1PKCS10Client(1)    PKI PKCS10Client certificate request tool   PKCS10Client(1)
2
3
4

NAME

6       PKCS10Client  -  Used to generate 1024-bit RSA key pair in the security
7       database.
8
9

SYNOPSIS

11       PKCS10Client -d NSS-database -h NSS-token -p NSS-password -a  algorithm
12       [-l rsa-key-length] [-c ec-curve-name] -o output-file -n subject-DN
13
14
15       To  get  a certificate from the CA, the certificate request needs to be
16       submitted to and approved by a CA agent.  Once approved, a  certificate
17       is  created for the request, and certificate attributes, such as exten‐
18       sions, are populated according to certificate profiles.
19
20

DESCRIPTION

22       The PKCS #10 utility, PKCS10Client, generates a RSA or EC key  pair  in
23       the  security  database, constructs a PKCS #10 certificate request with
24       the public key, and outputs the request to a file.
25
26
27       PKCS #10 is a certification request syntax standard defined by RSA.   A
28       CA may support multiple types of certificate requests.  The Certificate
29       System CA supports KEYGEN, PKCS #10, CRMF, and CMC.
30
31

OPTIONS

33       PKCS10Client parameters:
34
35
36       -d NSS-database
37           The directory containing the NSS  database.  This  is  usually  the
38       client's personal directory.
39
40
41       -h NSS-token
42           Name of the token. By default it takes internal.
43
44
45       -p NSS-token
46           The password to the token.
47
48
49       -a algorithm
50           The algorithm type either rsa or ec. By default it takes rsa.
51
52
53       -l rsa-key-length
54           The  RSA  key bit length when -a rsa is specified. By default it is
55       1024.
56
57
58       -c ec-curve-name
59           Eleptic Curve cryptography curve name.
60           Possible values are (if provided by the crypto module):
61           nistp256 (secp256r1), nistp384 (secp384r1),  nistp521  (secp521r1),
62       nistk163 (sect163k1),
63           sect163r1,nistb163   (sect163r2),  sect193r1,  sect193r2,  nistk233
64       (sect233k1),
65           nistb233 (sect233r1),  sect239k1,  nistk283  (sect283k1),  nistb283
66       (sect283r1),
67           nistk409  (sect409k1),  nistb409 (sect409r1), nistk571 (sect571k1),
68       nistb571 (sect571r1),
69           secp160k1, secp160r1, secp160r2,  secp192k1,  nistp192  (secp192r1,
70       prime192v1), secp224k1,
71           nistp224    (secp224r1),    secp256k1,    prime192v2,   prime192v3,
72       prime239v1, prime239v2,
73           prime239v3,   c2pnb163v1,   c2pnb163v2,   c2pnb163v3,   c2pnb176v1,
74       c2tnb191v1, c2tnb191v2,
75           c2tnb191v3,   c2pnb208w1,   c2tnb239v1,   c2tnb239v2,   c2tnb239v3,
76       c2pnb272w1, c2pnb304w1,
77           c2tnb359w1,   c2pnb368w1,   c2tnb431r1,    secp112r1,    secp112r2,
78       secp128r1, secp128r2,
79           sect113r1, sect113r2, sect131r1, sect131r2.
80
81
82       -o output-file
83           Sets  the  path and filename to output the new PKCS #10 certificate
84       in base64 format.
85
86
87       -n subject-DN
88           Gives the subject DN of the certificate.
89
90
91       -k enable-encoding
92           true for enabling encoding of attribute values; false  for  default
93       encoding of attribute values;
94           default is false.
95
96
97       -t temporary
98           true for temporary(session); false for permanent(token); default is
99       false.
100
101
102       -s sensitivity
103           1 for sensitive; 0 for non-sensitive; -1  temporaryPairMode  depen‐
104       dent; default is -1.
105
106
107       -e extractable
108           1  for  extractable;  0  for  non-extractable;  -1 token dependent;
109       default is -1.
110
111
112       Also optional for ECC key generation:
113
114
115       -x ecdh-ecdsa
116           true for SSL cert that does ECDH ECDSA;  false  otherwise;  default
117       false.
118
119
120       -y ski-extension
121           true  for adding SubjectKeyIdentifier extension for self-signed CMC
122       shared secret requests;
123           false otherwise; default false.
124           To be used with request.useSharedSecret=true  when  running  CMCRe‐
125       quest.
126
127

AUTHORS

129       Amol Kahat <akahat@redhat.com>.
130
131
133       Copyright  (c) 2017, 2019 Red Hat, Inc.  This is licensed under the GNU
134       General Public License, version 2 (GPLv2).  A copy of this  license  is
135       available at ⟨http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt⟩.
136
137
138
139PKI                             April 28, 2017                 PKCS10Client(1)
Impressum