strongimcv_pki—req (1) Linux Manual Page

pki –req – Create a PKCS#10 certificate request

Synopsis

[ –in file ] [ –type type ] –dn~distinguished-name [ –san subjectAltName ] [ –password password ] [ –digest digest ] [ –outform encoding ] [ –debug level ] –options~file -h | –help

Description

This sub-command of pki(1) is used to create a PKCS#10 certificate request.

Options

-h, –help

Print usage information with a summary of the available options.

-v, –debug level

Set debug level, default: 1.

-+, –options file

Read command line options from file.

-i, –in file

Private key input file. If not given the key is read from STDIN.

-t, –type type

Type of the input key. Either rsa or ecdsa, defaults to rsa.

-d, –dn distinguished-name

Subject distinguished name (DN). Required.

-a, –san subjectAltName

subjectAltName extension to include in request. Can be used multiple times.

-p, –password password

The challengePassword to include in the certificate request.

-g, –digest digest

Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. Defaults to sha1.

-f, –outform encoding

Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

Examples

Generate a certificate request for an RSA key, with a subjectAltName extension:

  pki –req –in key.der –dn "C=CH, O=strongSwan, CN=moon" \
 –san moon [at] strongswan.org > req.der

Generate a certificate request for an ECDSA key and a different digest:

  pki –req –in key.der –type ecdsa –digest sha256 \
–dn "C=CH, O=strongSwan, CN=carol"  > req.der

See Also

pki(1)