1PKI --REQ(1)                      strongSwan                      PKI --REQ(1)
2
3
4

NAME

6       pki --req - Create a PKCS#10 certificate request
7

SYNOPSIS

9       pki --req [--in file|--keyid hex] [--type type] --dn distinguished-name
10                 [--san subjectAltName] [--password password]
11                 [--digest digest] [--rsa-padding padding]
12                 [--outform encoding] [--debug level]
13
14       pki --req --options file
15
16       pki --req -h | --help
17

DESCRIPTION

19       This sub-command of pki(1) is used  to  create  a  PKCS#10  certificate
20       request.
21

OPTIONS

23       -h, --help
24              Print usage information with a summary of the available options.
25
26       -v, --debug level
27              Set debug level, default: 1.
28
29       -+, --options file
30              Read command line options from file.
31
32       -i, --in file
33              Private key input file. If not given the key is read from STDIN.
34
35       -x, --keyid hex
36              Smartcard or TPM private key object handle in hex format with an
37              optional 0x prefix.
38
39       -t, --type type
40              Type of the  input  key.  Either  priv,  rsa,  ecdsa  or  bliss,
41              defaults to priv.
42
43       -d, --dn distinguished-name
44              Subject distinguished name (DN). Required.
45
46       -a, --san subjectAltName
47              subjectAltName extension to include in request. Can be used mul‐
48              tiple times.
49
50       -p, --password password
51              The challengePassword to include in the certificate request.
52
53       -g, --digest digest
54              Digest to use for signature creation. One of md5, sha1,  sha224,
55              sha256,  sha384,  or sha512.  The default is determined based on
56              the type and size of the signature key.
57
58       -R, --rsa-padding padding
59              Padding to use for RSA signatures. Either pkcs1 or pss, defaults
60              to pkcs1.
61
62       -f, --outform encoding
63              Encoding of the created certificate file. Either der (ASN.1 DER)
64              or pem (Base64 PEM), defaults to der.
65

EXAMPLES

67       Generate a certificate request for an RSA key,  with  a  subjectAltName
68       extension:
69
70         pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
71              --san moon@strongswan.org > req.der
72
73       Generate a certificate request for an ECDSA key and a different digest:
74
75         pki --req --in key.der --type ecdsa --digest sha256 \
76             --dn "C=CH, O=strongSwan, CN=carol"  > req.der
77

SEE ALSO

79       pki(1)
80
81
82
835.9.1                             2013-07-31                      PKI --REQ(1)
Impressum