Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
PKI --REQ(1)			  strongSwan			  PKI --REQ(1)

NAME
       pki --req - Create a PKCS#10 certificate	request

SYNOPSIS
       pki --req [--in file|--keyid hex] [--type type] --dn distinguished-name
		 [--san	subjectAltName]	[--profile profile] [--flag flag]
		 [--password password] [--digest digest]
		 [--rsa-padding	padding] [--outform encoding] [--debug level]

       pki --req [--in file|--keyid hex] [--type type] --oldreq	file
		 [--password password] [--digest digest]
		 [--rsa-padding	padding] [--outform encoding] [--debug level]

       pki --req --options file

       pki --req -h | --help

DESCRIPTION
       This  sub-command of pki(1) is used to create a PKCS#10 certificate re-
       quest.

OPTIONS
       -h, --help
	      Print usage information with a summary of	the available options.

       -v, --debug level
	      Set debug	level, default:	1.

       -+, --options file
	      Read command line	options	from file.

       -i, --in	file
	      Private key input	file. If not given the key is read from	STDIN.

       -x, --keyid hex
	      Smartcard	or TPM private key object handle in hex	format with an
	      optional 0x prefix.

       -t, --type type
	      Type of the input	key. Either priv, rsa or  ecdsa,  defaults  to
	      priv.

       -d, --dn	distinguished-name
	      Subject  distinguished name (DN).	Required if the	--dn option is
	      not set.

       -a, --san subjectAltName
	      subjectAltName extension to include in request. Can be used mul-
	      tiple times.

       -P, --profile profile
	      Certificate profile name to be included in the  certificate  re-
	      quest.  Can be any UTF8 string. Supported	e.g. by	openxpki (with
	      profiles pc-client, tls-server, etc.) or pki --issue (with  pro-
	      files  server,  client,  dual, or	ocsp) that are translated into
	      corresponding Extended Key Usage (EKU) flags  in	the  generated
	      X.509 certificate.

       -e, --flag flag
	      Add  extendedKeyUsage flag. One of serverAuth, clientAuth, ocsp-
	      Signing or msSmartcardLogon. Can be used multiple	times. Adds an
	      X.509v3 EKU extension containing these flags to the  certificate
	      request.

       -p, --password password
	      The challengePassword to include in the certificate request.

       -o, --oldreq file
	      Old  certificate	request	 to be used as a template. Required if
	      the --dn option is not set. The public key in the	 old  certifi-
	      cate  request is replaced	and a fresh signature is generated us-
	      ing the new private key. Optionally a new	challengePassword  may
	      be set using the --password option.

       -g, --digest digest
	      Digest  to  use  for  signature  creation.  One of sha1, sha224,
	      sha256,  sha384,	sha512,	 sha3_224,  sha3_256,	sha3_384,   or
	      sha3_512.	 The  default is determined based on the type and size
	      of the signature key.

       -R, --rsa-padding padding
	      Padding to use for RSA signatures. Either	pkcs1 or pss, defaults
	      to pkcs1.

       -f, --outform encoding
	      Encoding of the created certificate file.	Either der (ASN.1 DER)
	      or pem (Base64 PEM), defaults to der.

EXAMPLES
       Generate	a certificate request for an RSA key,  with  a	subjectAltName
       extension and a TLS-server profile:

	 pki --req --in	key.der	--dn "C=CH, O=strongSwan, CN=moon" \
	     --san moon@strongswan.org --profile server	> req.der

       Generate	 a  certificate	request	for a renewed key based	on an existing
       template

	 pki --req --in	myNewKey.der --oldreq myReq.der	> myNewReq.der

       Generate	a certificate request for an ECDSA key and a different digest:

	 pki --req --in	key.der	--type ecdsa --digest sha256 \
	     --dn "C=CH, O=strongSwan, CN=carol"  > req.der

SEE ALSO
       pki(1)

6.0.0				  2022-08-30			  PKI --REQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pki---req&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help