NAME

       PKCS10Client - Used to generate 1024-bit RSA key pair in the security database.

SYNOPSIS

       Usage:  PKCS10Client  -d  <location  of  certdb>  -h  <token  name> -p <token password> -a
       <algorithm: 'rsa' or 'ec'> -l <rsa key length> -c <ec curve name> -o  <output  file  which
       saves the base64 PKCS10> -n <subjectDN>

       Available  ECC  curve  names  (if  provided  by  the crypto module): nistp256 (secp256r1),
       nistp384  (secp384r1),  nistp521  (secp521r1),  nistk163  (sect163k1),  sect163r1,nistb163
       (sect163r2),  sect193r1, sect193r2, nistk233 (sect233k1), nistb233 (sect233r1), sect239k1,
       nistk283 (sect283k1), nistb283 (sect283r1), nistk409  (sect409k1),  nistb409  (sect409r1),
       nistk571  (sect571k1),  nistb571  (sect571r1), secp160k1, secp160r1, secp160r2, secp192k1,
       nistp192 (secp192r1, prime192v1), secp224k1, nistp224 (secp224r1), secp256k1,  prime192v2,
       prime192v3,   prime239v1,  prime239v2,  prime239v3,  c2pnb163v1,  c2pnb163v2,  c2pnb163v3,
       c2pnb176v1,  c2tnb191v1,  c2tnb191v2,  c2tnb191v3,  c2pnb208w1,  c2tnb239v1,   c2tnb239v2,
       c2tnb239v3,   c2pnb272w1,   c2pnb304w1,  c2tnb359w1,  c2pnb368w1,  c2tnb431r1,  secp112r1,
       secp112r2, secp128r1, secp128r2, sect113r1, sect113r2, sect131r1, sect131r2

       To get a certificate from the CA, the certificate request needs to  be  submitted  to  and
       approved  by  a  CA  agent.  Once  approved, a certificate is created for the request, and
       certificate attributes,  such  as  extensions,  are  populated  according  to  certificate
       profiles.

       Optionally, for ECC key generation per definition in JSS pkcs11.PK11KeyPairGenerator.

DESCRIPTION

       The  PKCS  #10  utility,  PKCS10Client,  generates a 1024-bit RSA key pair in the security
       database, constructs a PKCS#10 certificate request with the public key,  and  outputs  the
       request to a file.

       PKCS  #10  is  a  certification  request  syntax standard defined by RSA. A CA may support
       multiple types of  certificate  requests.  The  Certificate  System  CA  supports  KEYGEN,
       PKCS#10, CRMF, and CMC.

OPTIONS

       PKCS10Client parameters:

       -d <directory_of_NSS_security_database>
              The  directory  containing  the NSS database. This is usually the client's personal
              directory.

       -h <token_name>
              Name of the token. By default it takes 'internal'.

       -p <token_passwd>
              The password to the token.

       -l <algorithm: 'rsa' or 'ec'>
              The algorithm type either 'rsa' or 'ec'. By default it takes 'rsa'.

       -c <curve_name>
              Eleptic Curve cryptography curve name.

       -o <output_file>
              Sets the path and filename to output the new PKCS #10 certificate in base64 format.

       -n <subject_DN>
              Gives the subject DN of the certificate.

       -k <true for enabling  encoding  of  attribute  values;  false  for  default  encoding  of
       attribute values; default is false>

       -t <true for temporary(session); false for permanent(token); default is false>

       -s <1 for sensitive; 0 for non-sensitive; -1 temporaryPairMode dependent; default is -1>

       -e <1 for extractable; 0 for non-extractable; -1 token dependent; default is -1>

       -x <true for SSL cert that does ECDH ECDSA; false otherwise; default false>

       -y  <true  for  adding  SubjectKeyIdentifier  extensionfor self-signed cmc requests; false
       otherwise; default false>

AUTHORS

       Amol Kahat <akahat@redhat.com>.

COPYRIGHT

       Copyright (c) 2017 Red Hat, Inc. This is licensed under the GNU  General  Public  License,
       version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-
       licenses/gpl-2.0.txt.