tpm2_certifyX509certutil(1) General Commands Manual tpm2_certifyX509certutil(1)

tpm2_certifyX509certutil(1) - Generate partial X509 certificate.

tpm2_certifyX509certutil [OPTIONS]

tpm2_certifyX509certutil(1) - Generates a partial certificate that is
suitable as the third input parameter for the TPM2_certifyX509 command.
The certificate data is written to a file in DER format and can be
examined using the openssl asn1parse tool as follows:

    openssl asn1parse -in partial_cert.der -inform DER

These are the available options:

• -o, --outcert=STRING: The output file where the certificate will be
  written to. The default is partial_cert.der. Optional parameter.

• -d, --days=NUMBER: The number of days the certificate will be valid
  starting from today. The default is 3560 (10 years). Optional
  parameter.

• -i, --issuer=STRING: The ISSUER entry for the cert in the following
  format: --issuer="C=US;O=org;OU=Org unit;CN=cname". Supported fields
  are:

  • C - "Country", max size = 2

  • O - "Org", max size = 8

  • OU - "Org Unit", max size = 8

  • CN - "Common Name", max size = 8

  The fields need to be separated with a semicolon. At least one
  supported field is required for the option to be valid. Optional
  parameter.

• -s, --subject=STRING: The SUBJECT for the cert in the following
  format: --subject="C=US;O=org;OU=Org unit;CN=cname". Supported fields
  are:

  • C - "Country", max size = 2

  • O - "Org", max size = 8

  • OU - "Org Unit", max size = 8

  • CN - "Common Name", max size = 8

  The fields need to be separated with a semicolon. At least one
  supported field is required for the option to be valid. Optional
  parameter.

• ARGUMENT: No arguments required.

References
This collection of options is common to many programs and provides
information that many users may expect.

• -h, --help=[man|no-man]: Display the tool's manpage. By default, it
  attempts to invoke the manpager for the tool; on failure, it outputs
  a short tool summary. The behavior is the same if the "man" option
  argument is specified, except that when "man" is requested explicitly
  the tool reports errors from man on stderr. If the "no-man" option is
  specified, or the manpager fails, the short options are output to
  stdout.

  To use the manpages feature, the manpages must be installed or be on
  MANPATH. See man(1) for more details.

• -v, --version: Display version information for this tool and the
  supported TCTIs, then exit.

• -V, --verbose: Increase the information that the tool prints to the
  console during its execution. When using this option, the file and
  line number are printed.

• -Q, --quiet: Silence normal tool output to stdout.

• -Z, --enable-errata: Enable the application of errata fixups. Useful
  if an errata fixup needs to be applied to commands sent to the TPM.
  Defining the environment variable TPM2TOOLS_ENABLE_ERRATA is
  equivalent.

    tpm2 certifyX509certutil -o partial_cert.der -d 356

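
A pre-flight check for the --issuer and --subject strings, applying the field names and size limits listed under the options above. This is an added example, not part of tpm2-tools: the function names check_dn and make_partial_cert are hypothetical, sizes are counted with the shell's ${#var}, and rejecting unknown, repeated, or empty fields is a choice of this example rather than documented tool behaviour.

```shell
#!/bin/sh
# Added example (not from tpm2-tools). Limits are taken from the option text:
# C max 2; O, OU, CN max 8; fields separated by ';'; at least one field.

# check_dn STRING: returns 0 if STRING is acceptable, otherwise prints the
# reason on stderr and returns 1. Runs in a subshell so no variables leak.
check_dn() (
    rest=$1
    seen=" "
    [ -n "$rest" ] || { echo "empty DN string" >&2; exit 1; }
    while [ -n "$rest" ]; do
        case $rest in
            *";"*) part=${rest%%";"*}; rest=${rest#*";"} ;;
            *)     part=$rest; rest= ;;
        esac
        case $part in
            *=*) key=${part%%=*}; val=${part#*=} ;;
            *)   echo "not KEY=value: '$part'" >&2; exit 1 ;;
        esac
        case $key in
            C)       max=2 ;;
            O|OU|CN) max=8 ;;
            *)       echo "unsupported field: '$key'" >&2; exit 1 ;;
        esac
        # Stricter than the page states: no repeated keys, no empty values.
        case $seen in
            *" $key "*) echo "repeated field: '$key'" >&2; exit 1 ;;
        esac
        seen="$seen$key "
        [ -n "$val" ] || { echo "empty value for '$key'" >&2; exit 1; }
        [ "${#val}" -le "$max" ] ||
            { echo "'$key' longer than $max: '$val'" >&2; exit 1; }
    done
)

# make_partial_cert ISSUER SUBJECT [OUTFILE]: validate both strings, then
# generate the partial certificate and dump its ASN.1 structure for review.
# Exits with 2 (the "Options handling error" code) when validation fails.
make_partial_cert() (
    out=${3:-partial_cert.der}
    check_dn "$1" && check_dn "$2" || exit 2
    tpm2_certifyX509certutil -i "$1" -s "$2" -o "$out" &&
        openssl asn1parse -in "$out" -inform DER
)
```

Reviewing the asn1parse output after generation confirms that the issuer, subject, and validity fields in the DER file match what was requested before the file is handed to the TPM.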
Tools can return any of the following codes:

• 0 - Success.

• 1 - General non-specific error.

• 2 - Options handling error.

• 3 - Authentication error.

• 4 - TCTI related error.

• 5 - Non supported scheme. Applicable to tpm2_testparams.

GitHub Issues (https://github.com/tpm2-software/tpm2-tools/issues)

See the Mailing List (https://lists.linuxfoundation.org/mailman/listinfo/tpm2)

tpm2-tools tpm2_certifyX509certutil(1)