strongswan_pki---req (1) - Linux Manuals

strongswan_pki---req: Create a PKCS#10 certificate request

Command to display strongswan_pki---req manual in Linux: $ man 1 strongswan_pki---req

NAME

pki --req - Create a PKCS#10 certificate request

SYNOPSIS

[--in file|--keyid hex] [ --type type ] --dn~distinguished-name [ --san subjectAltName ] [ --password password ] [ --digest digest ] [ --outform encoding ] [ --debug level ] --options~file -h | --help

DESCRIPTION

This sub-command of pki(1) is used to create a PKCS#10 certificate request.

OPTIONS

-h, --help: Print usage information with a summary of the available options.
-v, --debug level: Set debug level, default: 1.
-+, --options file: Read command line options from file.
-i, --in file: Private key input file. If not given the key is read from STDIN.
-x, --keyid hex: Smartcard or TPM private key object handle in hex format with an optional 0x prefix.
-t, --type type: Type of the input key. Either priv, rsa, ecdsa or bliss, defaults to priv.
-d, --dn distinguished-name: Subject distinguished name (DN). Required.
-a, --san subjectAltName: subjectAltName extension to include in request. Can be used multiple times.
-p, --password password: The challengePassword to include in the certificate request.
-g, --digest digest: Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. The default is determined based on the type and size of the signature key.
-f, --outform encoding: Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

EXAMPLES

Generate a certificate request for an RSA key, with a subjectAltName extension:

pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
--san moon [at] strongswan.org > req.der

Generate a certificate request for an ECDSA key and a different digest:

pki --req --in key.der --type ecdsa --digest sha256 \
--dn "C=CH, O=strongSwan, CN=carol" > req.der