strongswan_pki---req (1) - Linux Manuals
strongswan_pki---req: Create a PKCS#10 certificate request
NAME
pki --req - Create a PKCS#10 certificate requestSYNOPSIS
[--in file|--keyid hex] [ --type type ] --dn~distinguished-name [ --san subjectAltName ] [ --password password ] [ --digest digest ] [ --outform encoding ] [ --debug level ] --options~file -h | --helpDESCRIPTION
This sub-command of pki(1) is used to create a PKCS#10 certificate request.OPTIONS
- -h, --help
- Print usage information with a summary of the available options.
- -v, --debug level
- Set debug level, default: 1.
- -+, --options file
- Read command line options from file.
- -i, --in file
- Private key input file. If not given the key is read from STDIN.
- -x, --keyid hex
- Smartcard or TPM private key object handle in hex format with an optional 0x prefix.
- -t, --type type
- Type of the input key. Either priv, rsa, ecdsa or bliss, defaults to priv.
- -d, --dn distinguished-name
- Subject distinguished name (DN). Required.
- -a, --san subjectAltName
- subjectAltName extension to include in request. Can be used multiple times.
- -p, --password password
- The challengePassword to include in the certificate request.
- -g, --digest digest
- Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. The default is determined based on the type and size of the signature key.
- -f, --outform encoding
- Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.
EXAMPLES
Generate a certificate request for an RSA key, with a subjectAltName extension:
Generate a certificate request for an ECDSA key and a different digest:
--dn