1tpm2_certifyX509certutil(1) General Commands Manualtpm2_certifyX509certutil(1)
2
3
4

NAME

6       tpm2_certifyX509certutil(1) - Generate partial X509 certificate.
7

SYNOPSIS

9       tpm2_certifyX509certutil [OPTIONS]
10

DESCRIPTION

12       tpm2_certifyX509certutil(1)  -  Generates a partial certificate that is
13       suitable as the third input  parameter  for  TPM2_certifyX509  command.
14       The  certificate  data  is written into a file in DER format and can be
15       examined using openssl asn1parse tool as follows:
16
17              openssl asn1parse -in partial_cert.der -inform DER
18

OPTIONS

20       These are the available options:
21
22-o, --outcert=STRING: The output file where the certificate  will  be
23         written to.  The default is partial_cert.der Optional parameter.
24
25-d,  --days=NUMBER:  The number of days the certificate will be valid
26         starting from today.  The default is 3560 (10 years) Optional parame‐
27         ter.
28
29-i,  --issuer=STRING:  The ISSUER entry for the cert in the following
30         format: –issuer=“C=US;O=org;OU=Org  unit;CN=cname”  Supported  fields
31         are:
32
33         • C - “Country”, max size = 2
34
35         • O - “Org”, max size = 8
36
37         • OU - “Org Unit”, max size = 8
38
39         • CN  -  “Common  Name”,  max size = 8 The files need to be separated
40           with semicolon.  At list one supported field is  required  for  the
41           option to be valid.  Optional parameter.
42
43-s,  --subject=STRING: The SUBJECT for the cert in the following for‐
44         mat: –subject=“C=US;O=org;OU=Org unit;CN=cname” Supported fields are:
45
46         • C - “Country”, max size = 2
47
48         • O - “Org”, max size = 8
49
50         • OU - “Org Unit”, max size = 8
51
52         • CN - “Common Name”, max size = 8 The files  need  to  be  separated
53           with  semicolon.   At  list one supported field is required for the
54           option to be valid.  Optional parameter.
55
56ARGUMENT No arguments required.
57
58   References

COMMON OPTIONS

60       This collection of options are common to many programs and provide  in‐
61       formation that many users may expect.
62
63-h,  --help=[man|no-man]:  Display the tools manpage.  By default, it
64         attempts to invoke the manpager for the  tool,  however,  on  failure
65         will  output  a short tool summary.  This is the same behavior if the
66         “man” option argument is specified, however if explicit “man” is  re‐
67         quested,  the  tool  will  provide errors from man on stderr.  If the
68         “no-man” option if specified, or the manpager fails,  the  short  op‐
69         tions will be output to stdout.
70
71         To  successfully use the manpages feature requires the manpages to be
72         installed or on MANPATH, See man(1) for more details.
73
74-v, --version: Display version information for this  tool,  supported
75         tctis and exit.
76
77-V,  --verbose:  Increase the information that the tool prints to the
78         console during its execution.  When using this option  the  file  and
79         line number are printed.
80
81-Q, --quiet: Silence normal tool output to stdout.
82
83-Z, --enable-errata: Enable the application of errata fixups.  Useful
84         if an errata fixup needs to be applied to commands sent to  the  TPM.
85         Defining  the environment TPM2TOOLS_ENABLE_ERRATA is equivalent.  in‐
86         formation many users may expect.
87

EXAMPLES

89              tpm2 certifyX509certutil -o partial_cert.der -d 356
90

Returns

92       Tools can return any of the following codes:
93
94       • 0 - Success.
95
96       • 1 - General non-specific error.
97
98       • 2 - Options handling error.
99
100       • 3 - Authentication error.
101
102       • 4 - TCTI related error.
103
104       • 5 - Non supported scheme.  Applicable to tpm2_testparams.
105

BUGS

107       Github Issues (https://github.com/tpm2-software/tpm2-tools/issues)
108

HELP

110       See the Mailing List (https://lists.linuxfoundation.org/mailman/listin
111       fo/tpm2)
112
113
114
115tpm2-tools                                         tpm2_certifyX509certutil(1)
Impressum