PKI −−REQ

NAME

pki −−req − Create a PKCS#10 certificate request

SYNOPSIS

	pki −−req		[−−in file] [−−type type] −−dn distinguished-name [−−san subjectAltName] [−−password password] [−−digest digest] [−−outform encoding] [−−debug level]
	pki −−req		−−options file
	pki −−req		−h \| −−help

DESCRIPTION

This sub-command of pki(1) is used to create a PKCS#10 certificate request.

OPTIONS

−h, −−help

Print usage information with a summary of the available options.

−v, −−debug level

Set debug level, default: 1.

−+, −−options file

Read command line options from file.

−i, −−in file

Private key input file. If not given the key is read from STDIN.

−t, −−type type

Type of the input key. Either priv, rsa, ecdsa or bliss, defaults to priv.

−d, −−dn distinguished-name

Subject distinguished name (DN). Required.

−a, −−san subjectAltName

subjectAltName extension to include in request. Can be used multiple times.

−p, −−password password

The challengePassword to include in the certificate request.

−g, −−digest digest

Digest to use for signature creation. One of md5, sha1, sha224, sha256, sha384, or sha512. The default is determined based on the type and size of the signature key.

−f, −−outform encoding

Encoding of the created certificate file. Either der (ASN.1 DER) or pem (Base64 PEM), defaults to der.

EXAMPLES

Generate a certificate request for an RSA key, with a subjectAltName extension:

  pki −−req −−in key.der −−dn "C=CH, O=strongSwan, CN=moon" \
       −−san moon AT strongswan DOT org > req.der

Generate a certificate request for an ECDSA key and a different digest:

  pki −−req −−in key.der −−type ecdsa −−digest sha256 \
      −−dn "C=CH, O=strongSwan, CN=carol"  > req.der