1PKI --REQ(1) strongSwan PKI --REQ(1)
2
3
4
6 pki --req - Create a PKCS#10 certificate request
7
9 pki --req [--in file|--keyid hex] [--type type] --dn distinguished-name
10 [--san subjectAltName] [--password password]
11 [--digest digest] [--rsa-padding padding]
12 [--outform encoding] [--debug level]
13
14 pki --req --options file
15
16 pki --req -h | --help
17
19 This sub-command of pki(1) is used to create a PKCS#10 certificate
20 request.
21
23 -h, --help
24 Print usage information with a summary of the available options.
25
26 -v, --debug level
27 Set debug level, default: 1.
28
29 -+, --options file
30 Read command line options from file.
31
32 -i, --in file
33 Private key input file. If not given the key is read from STDIN.
34
35 -x, --keyid hex
36 Smartcard or TPM private key object handle in hex format with an
37 optional 0x prefix.
38
39 -t, --type type
40 Type of the input key. Either priv, rsa, ecdsa or bliss,
41 defaults to priv.
42
43 -d, --dn distinguished-name
44 Subject distinguished name (DN). Required.
45
46 -a, --san subjectAltName
47 subjectAltName extension to include in request. Can be used mul‐
48 tiple times.
49
50 -p, --password password
51 The challengePassword to include in the certificate request.
52
53 -g, --digest digest
54 Digest to use for signature creation. One of md5, sha1, sha224,
55 sha256, sha384, or sha512. The default is determined based on
56 the type and size of the signature key.
57
58 -R, --rsa-padding padding
59 Padding to use for RSA signatures. Either pkcs1 or pss, defaults
60 to pkcs1.
61
62 -f, --outform encoding
63 Encoding of the created certificate file. Either der (ASN.1 DER)
64 or pem (Base64 PEM), defaults to der.
65
67 Generate a certificate request for an RSA key, with a subjectAltName
68 extension:
69
70 pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
71 --san moon@strongswan.org > req.der
72
73 Generate a certificate request for an ECDSA key and a different digest:
74
75 pki --req --in key.der --type ecdsa --digest sha256 \
76 --dn "C=CH, O=strongSwan, CN=carol" > req.der
77
79 pki(1)
80
81
82
835.9.1 2013-07-31 PKI --REQ(1)