Scroll to navigation

PKI --REQ(1) strongSwan PKI --REQ(1)

NAME

pki --req - Create a PKCS#10 certificate request

SYNOPSIS

pki --req [--in file] [--type type] --dn distinguished-name [--san subjectAltName] [--password password] [--digest digest] [--outform encoding] [--debug level]
pki --req --options file
pki --req -h | --help

DESCRIPTION

This sub-command of pki(1) is used to create a PKCS#10 certificate request.

OPTIONS

Print usage information with a summary of the available options.
Set debug level, default: 1.
-+, --options file
Read command line options from file.
Private key input file. If not given the key is read from STDIN.
Type of the input key. Either rsa or ecdsa, defaults to rsa.
Subject distinguished name (DN). Required.
subjectAltName extension to include in request. Can be used multiple times.
The challengePassword to include in the certificate request.
Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. Defaults to sha1.
Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

EXAMPLES

Generate a certificate request for an RSA key, with a subjectAltName extension:


pki --req --in key.der --dn "C=CH, O=strongSwan, CN=moon" \
--san moon@strongswan.org > req.der

Generate a certificate request for an ECDSA key and a different digest:


pki --req --in key.der --type ecdsa --digest sha256 \
--dn "C=CH, O=strongSwan, CN=carol" > req.der

SEE ALSO

pki(1)

2013-07-31 5.2.0